[Dshield] Rootkits All Around: Universal Music Has It, Too

Tim Hollebeek tholleb at teknowledge.com
Wed Nov 2 20:58:07 GMT 2005

> No reports *yet*.  The mere fact that it's a free cloaking 
> device for any file with a name that starts with '$sys$' is 
> going to attract the malware writers - and there's bound to 
> be other goodies yet to be revealed.

Filenames aren't the only attractive part.  Imagine the effects
of the registry key:


And the fact that anti-spyware tools won't be able to see that key.

