F-Secure: One more Bot trying to hide under Sony DRM

["Fergie" <fergdawg () netzero net>]

I hate to say "I told you so" but I knew that the flaws
in the previous malware efforts would be quickly corrected
and re-seeded in the wild.

Katrin writes over on the F-Secure "News from the Lab" Blog:

[snip]

Soon after the first Bot using Sony rootkit technology was found another one appeared - Breplibot.C.

This new variant fixes some bugs found in the previous Breplibot.B variant. It uses file '$sys$xp.exe' instead of 
'$sys$drv.exe' when copy to Windows System folder.

[snip]

http://www.f-secure.com/weblog/#00000701

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.