[Dshield] Rootkits All Around: Universal Music Has It ,Too

Ed Truitt ed.truitt at etee2k.net
Wed Nov 2 21:40:06 GMT 2005


Windows rootkits don't necessarily work like that.  However, it does install its own device driver that takes over control of the CD drive, so I guess it meets that criteria for rootkit, as well.

-EdTr.
-----Original Message-----
From: Mrcorp <mrcorp at yahoo.com>
Date: Wed, 2 Nov 2005 11:34:39 
To:General DShield Discussion List <list at lists.dshield.org>
Subject: Re: [Dshield] Rootkits All Around: Universal Music Has It ,Too

So am I to understand that this program takes Root ownership away from the system
administrator/owner?  That is also hides its activities from antivirus and other tools?  and
allows an outside person access to the system?

Mrcorp

--- Mark Owen <mr.markowen at gmail.com> wrote:

> On 11/2/05, Mrcorp <mrcorp at yahoo.com> wrote:
> > Perhaps I am a bit confused over terms, but are we talking rootkit, spyware, or something
> else?  I
> > find it extremly odd that music companies would be putting rootkits on peoples computers.
> >
> > Mrcorp
> 
> All of the above?  When you install Sony's music player to listen to
> your (their?) music cds you also install a rootkit that scans each
> running process for applications that may circumvent copyright
> protection.  This rootkit runs independent of the CD you're listening
> to and can not be shut off.  The files are embedded into the operating
> system and hidden from view and with no uninstaller making it quite
> difficult to remove.
> 
> See:
> http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
> http://blogs.washingtonpost.com/securityfix/2005/11/sony_raids_hack.html
> http://www.pcpro.co.uk/news/79450/sony-drm-burrows-into-rootkit-code.html
> 
> --
> Mark Owen
> 
> _________________________________________
> Using .Net? Need to know more about .Net Security?
> http://isc.sans.org/banner_count.php?dest=dotnet
> 
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> 

_________________________________________
Using .Net? Need to know more about .Net Security?
http://isc.sans.org/banner_count.php?dest=dotnet

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list

Cheers,
-E D Truitt

Sent via my BlackBerry from Cingular Wireless


More information about the list mailing list