Viruses take advantage of Sony rootkit

Sony BMG Entertainment's inclusion of a rootkit application classified as spyware may have set off the perfect storm of internet insecurity.

Anti-virus vendors have scrambled to remove or deflect the software, or notify users who have downloaded the cloaking application from a Sony CD-ROM. Sony is also being sued by at least one attorney, Alan Himmelfarb in California, seeking damages for Sony customers.

If that weren't enough bad news for Sony, virus authors took advantage of the situation, moving quickly in response to news of the rootkit and using the application to find a back door into PCs.

Anti-virus corporations took turns last week notifying the media of new viruses found and promoting themselves as defenders against the rootkit.

Kaspersky Lab warned Friday of a backdoor program, called Backdoor.Win32.Breplibot.b, sent as an attachment to an email using social engineering techniques.

"The attachment allegedly contains a photograph," Kaspersky said in a statement. "Once the user launches the attached file, the backdoor code will penetrate the victim machine."

The file is 10,240 bytes in size, and hides through the rootkit technology by using the name $SYS$DRV.EXE.

Meanwhile, Computer Associates also classified the Sony application as spyware and has provided software to remove the rootkit. Symantec offered a removal tool on its website and posted a link to Sony's corporate site. McAfee also referred customers to Sony's website, as did F-Secure.

Panda Labs said on Friday that it had found two new trojans, Ryknos.A and Ryknos.B, that exploited PCs using the rootkit.

Researchers from Sophos found the first trojan to take advantage of the Sony rootkit. The Stinx-E trojan appeared to have been deliberately spammed out to email addresses, posing as a message from a British business magazine, SC Magazine reported. When run, it copies itself to a file called $sys$drv.exe. Any file with $sys$ in its name is automatically cloaked by Sony's copy-protection code, making it invisible on computers which have used CDs carrying Sony's copy protection application.
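Because the cloak is keyed on the file name, a defender can surface hidden files by comparing a listing taken on the running system with one taken from the same disk offline. The sketch below is an added example, not code from the article or any vendor; the `Entry` type, function names and sample listings are constructed for illustration, and it assumes both listings have already been collected by other means.

```python
"""Cross-view check for name-based cloaking (added example, constructed data)."""
from dataclasses import dataclass

CLOAK_MARKER = "$sys$"  # substring the article says triggers cloaking


@dataclass(frozen=True)
class Entry:
    path: str
    size: int


def _key(path: str) -> str:
    # Windows file names are case-insensitive; normalise separators as well.
    return path.replace("/", "\\").lower()


def hidden_entries(live_view, offline_view):
    """Entries present in the offline listing but missing from the live one."""
    live = {_key(e.path) for e in live_view}
    return [e for e in offline_view if _key(e.path) not in live]


def triage(live_view, offline_view):
    """Split hidden entries into (name matches the cloak marker, everything else)."""
    cloaked, other = [], []
    for e in hidden_entries(live_view, offline_view):
        name = _key(e.path).rsplit("\\", 1)[-1]
        (cloaked if CLOAK_MARKER in name else other).append(e)
    return cloaked, other


# Constructed sample listings; the directory is a placeholder, not a real location.
LIVE = [Entry(r"c:\SAMPLE\README.TXT", 120)]
OFFLINE = [
    Entry(r"C:\sample\readme.txt", 120),
    Entry(r"C:\sample\$SYS$DRV.EXE", 10240),  # name and size quoted in the article
    Entry(r"C:\sample\scratch.tmp", 64),      # missing live, but not by this cloak
]

if __name__ == "__main__":
    cloaked, other = triage(LIVE, OFFLINE)
    for e in cloaked:
        print(f"hidden, matches {CLOAK_MARKER}: {e.path} ({e.size} bytes)")
    for e in other:
        print(f"hidden, other cause: {e.path} ({e.size} bytes)")
```

A match only shows that a file is being hidden by name; whether it belongs to the copy-protection software or to malware reusing the cloak still has to be established by examining the file itself.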
