Re: Sony DRM Rootkit

From: thunderbird (
Date: 11/11/05

Date: 11 Nov 2005 02:03:54 -0800

nemo_outis wrote:
> Here's a shocker: rootkit installed by Sony!
> Sony, Rootkits and Digital Rights Management Gone Too Far
> rights.html
> Regards,

"The Register reports on the first trojan using Sony's DRM rootkit. A
discovered variant of the Breplibot trojan makes use of the way Sony's
rootkit masks files whose filenames begin with '$sys$'. This means that
files renamed this way by the trojan are effectively invisible to the
average user. The malware is distributed via an email supposedly from a
reputable business magazing requesting that the businessperson verify
his/her attached 'picture' to be used for an upcoming issue. Once the
payload is executed, the trojan then installs an IRC backdoor on
Windows systems."