Mr. And Mrs. Rootkit Smith

["Fergie" <fergdawg () netzero net>]

Oh, goodie. More rootkitting fun! This time on DVD's...

Via F=Secure.

[snip]

Heise Online is reporting about yet another example of the ever-warming relationship of copy protection and rootkit 
technologies. The affair started with the digital rights management system Sony BMG was using to protect audio CD's. 
Now, we can also confirm (thanks to Rüdiger from our German office!) that at least the German DVD release of the movie 
"Mr. & Mrs. Smith" contains a copy protection mechanism which uses rootkit-like cloaking technology .

The Settec Alpha-DISC copy protection system used on the DVD contains user-mode rootkit-like features to hide itself. 
The system will hide it's own process, but does not appear to hide any files or registry entries. This makes the 
feature a bit less dangerous, as anti-virus products will still be able to scan all files on the disk. However, as we 
note in our article on rootkits, it's not that uncommon for real malware to only hide their processes.

[snip]

More here:
http://www.f-secure.com/weblog/#00000810

- ferg

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.