1st Sony rootkit malware

[plun]

Hi

BKDR_BREPLIBOT.C

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_BREPLIBOT.C&VSect=T

http://www.viruslist.com/en/weblog

This one is really ugly......... more to come, for sure.

I really hope that MS is som smart that they include Sonys
damned rootkit within next defs.

 

[Dave M]

Here's the information we have on that in Ms chat earlier today:

Mike Nash (Moderator):

Q: [10] whats MS stance on the sony root kit drama

A: We are evaluating the current situation to determine if any action from
Microsoft is necessary.

The security of our customers' information is a top priority at Microsoft, and
we have invested considerable resources in the security of our products and
processes. As such, we are concerned about any malware, including rootkits,
which targets our customers and negatively impacts the security, reliability and
performance of their systems. Both Windows Defender and the Malicious Software
Removal Tool (MSRT) have established objective criteria to determine what code
will be classified for removal. We will let you know what we decide shortly.

 

[plun]

Hi

Thanks Dave, this can be a nightmare if vendors are afraid
of detecting Sonys Rootkit. It must be removed.

IMHO

This malware described from TM is really ugly and
and I must say "wake up" to all dealing with PC security.

But I believe that MS maybe talks to much with Sony
within Trusted Computing Group so they are maybe close
companions marching againts TPM.........

--
plun


Dave M expressed precisely :

Here's the information we have on that in Ms chat earlier today:

Mike Nash (Moderator):

Q: [10] whats MS stance on the sony root kit drama

A: We are evaluating the current situation to determine if any action from
Microsoft is necessary.

The security of our customers' information is a top priority at Microsoft,
and we have invested considerable resources in the security of our products
and processes. As such, we are concerned about any malware, including
rootkits, which targets our customers and negatively impacts the security,
reliability and performance of their systems. Both Windows Defender and the
Malicious Software Removal Tool (MSRT) have established objective criteria to
determine what code will be classified for removal. We will let you know what
we decide shortly.


--
Regards, Dave

Hi

BKDR_BREPLIBOT.C

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_BREPLIBOT.C&VSect=T

http://www.viruslist.com/en/weblog

This one is really ugly......... more to come, for sure.

I really hope that MS is som smart that they include Sonys
damned rootkit within next defs.

 

[Dave M]

....all I can say is... It's going to get interesting around here. Pull up a
seat and watch the action.

 

[plun]

Hi

And fasten seat belts.........

Using TM PC Cillin 2006 so I am not so worried

Maybe if I was running One Care it might be a hard tour !?

 

[Rusty]

The MS Antispyware analysis paper was issued in March and has not changed
to my knowledge:

http://www.microsoft.com/athome/security/spyware/software/isv/analysis.mspx

Sony's rootkit qualifies as spyware on a number of the analysis criteria!

 

[Bill Sanderson]

Another thing Mike Nash said today:
---
Mike Nash (Moderator):
Q: [10] whats MS stance on the sony root kit drama

A: We are evaluating the current situation to determine if any action from
Microsoft is necessary.
The security of our customers' information is a top priority at Microsoft,
and we have invested considerable resources in the security of our products
and processes. As such, we are concerned about any malware, including
rootkits, which targets our customers and negatively impacts the security,
reliability and performance of their systems. Both Windows Defender and the
Malicious Software Removal Tool (MSRT) have established objective criteria
to determine what code will be classified for removal. We will let you know
what we decide shortly.

 

[Bill Sanderson]

Will I ever learn to read threads before posting?
(don't answer--rhetorical question!)

 

[Bill Sanderson]

The number of vendors detecting and removing is increasing, and includes the
mainstream a/v vendors such as Symantec and Mcafee.

--

 

[Dave M]

True Rusty,
But with Windows® Defender for XP now scheduled for first half of next year, and
no rootkit remover capability in the current Beta1, perhaps they're just hoping
it goes away by then? I would hope for detection, removal is beyond my
expectations.

 

[plun]

Hi

Well, MR Nash he talks and talks, is he a "doer" or just a talker ?

http://beta.windowsonecare.com/

Follow link
"See a full list of virus-related security threats."

http://beta.windowsonecare.com/secinfo/av/TopThreats.aspx

Must be a joke ............ same tactic as for MSAS and defs ?

To the "recycle bin" with this.

--
plun


Bill Sanderson explained on 2005-11-10 :

Another thing Mike Nash said today:
---
Mike Nash (Moderator):
Q: [10] whats MS stance on the sony root kit drama

A: We are evaluating the current situation to determine if any action from
Microsoft is necessary.
The security of our customers' information is a top priority at Microsoft,
and we have invested considerable resources in the security of our products
and processes. As such, we are concerned about any malware, including
rootkits, which targets our customers and negatively impacts the security,
reliability and performance of their systems. Both Windows Defender and the
Malicious Software Removal Tool (MSRT) have established objective criteria to
determine what code will be classified for removal. We will let you know what
we decide shortly.
---


--

Hi

BKDR_BREPLIBOT.C

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_BREPLIBOT.C&VSect=T

http://www.viruslist.com/en/weblog

This one is really ugly......... more to come, for sure.

I really hope that MS is som smart that they include Sonys
damned rootkit within next defs.

 

[Bill Sanderson]

In my experience, what he says will happen, will happen. He's empowered to
speak publicly about what Microsoft will do in his sphere of
influence--that's not a light responsibility at all.

Microsoft has a range of anti-malware products--Windows Defender, Windows
OneCare Live, and the Malicious Software Removal tool. Traditionally,
removal of rootkits has been the responsibility/domain of the Malicious
Software Removal tool.

I suspect that the question remaining is not if, nor when, but which
tool(s?)
--

Hi

Well, MR Nash he talks and talks, is he a "doer" or just a talker ?

http://beta.windowsonecare.com/

Follow link
"See a full list of virus-related security threats."

http://beta.windowsonecare.com/secinfo/av/TopThreats.aspx

Must be a joke ............ same tactic as for MSAS and defs ?

To the "recycle bin" with this.

--
plun


Bill Sanderson explained on 2005-11-10 :

Another thing Mike Nash said today:
---
Mike Nash (Moderator):
Q: [10] whats MS stance on the sony root kit drama

A: We are evaluating the current situation to determine if any action
from Microsoft is necessary.
The security of our customers' information is a top priority at
Microsoft, and we have invested considerable resources in the security of
our products and processes. As such, we are concerned about any malware,
including rootkits, which targets our customers and negatively impacts
the security, reliability and performance of their systems. Both Windows
Defender and the Malicious Software Removal Tool (MSRT) have established
objective criteria to determine what code will be classified for removal.
We will let you know what we decide shortly.
---


--

Hi

BKDR_BREPLIBOT.C

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_BREPLIBOT.C&VSect=T

http://www.viruslist.com/en/weblog

This one is really ugly......... more to come, for sure.

I really hope that MS is som smart that they include Sonys
damned rootkit within next defs.

 

[plun]

More:

http://news.com.com/Bots+for+Sony+CD+software+spotted+online/2100-1029_3-5944643.html?tag=nefd.lede

Nothing to think about, do something !

--
plun



plun wrote on 2005-11-10 :

 

[plun]

And Symantec:

http://www.symantec.com/avcenter/venc/data/backdoor.ryknos.html

And:

Windows OneCare is down for maintenance. Please try again later.

MS thinks.........



--
plun



plun used his keyboard to write :

 

[Guest]

This update patch from Sony could make the infection visible as it will
remove the rootkit components of the XCP software if its detected on the
system.

http://cp.sonybmg.com/xcp/english/updates.html

maybe Microsoft could work with First 4 Internet and use the same detection
the update patch uses when it scans for XCP files now its being used by
Trojan writers

 

[Dave M]

Here's some quotes from the Sony website that Andy references... For your
reading pleasure...

Sony BMG wants music to be easily transferable to any device that supports
secure music. Currently, music from our protected CDs may be transferred to
hundreds of such devices, as both Microsoft and Sony have assisted to make the
user experience on our discs as seamless as possible with their secure formats.
Unfortunately, in order to directly and smoothly rip content into iTunes it
requires the assistance of Apple. To date, Apple has not been willing to
cooperate with our protection vendors to make ripping to iTunes and to the iPod
a simple experience.

How can I make sure my computer is secure?

The best way to make sure your system is secure is to ensure that you have the
latest version of our software. Our technology vendors are constantly looking to
improve the product as well as respond to any critical software issues found.
Please check here for upgrades to address any known issues

 

[Bill Sanderson]

As I mentioned--something is being done. The antivirus vendors and
antispyware vendors are detecting and removing this code.

Whether Microsoft is among them, I don't know yet. I'm inclined to think
not since Mike Nash implied that there'd be an announcement or word of some
sort....

Hmm - looked at the "new" list for the Malicious Software Removal tool for
this month--old friends time: Bugbear, Swen, and some newer ones....


Hmm--funny how there's nothing recent in this list:

http://www.xcp-aurora.com/press_related.aspx


--

 

[Bill Sanderson]

Here's some quotes from the Sony website that Andy references... For your
reading pleasure...


How can I make sure my computer is secure?

The best way to make sure your system is secure is to ensure that you have
the latest version of our software. Our technology vendors are constantly
looking to improve the product as well as respond to any critical software
issues found. Please check here for upgrades to address any known issues

LOL

 

[plun]

Hi Andy

Well, I don´t believe that MS should work with Sony or First 4.

Must be better to work with malware vendors...........

Trusthworthy computing !?

With Sony they already works within Trusted Computing Group.
So this cannot have been a surprise for MS !!!

--
plun



AndyManchesta wrote on 2005-11-11 :

 

[Guest]

Nice work so far (see http://blogs.zdnet.com/Spyware/index.php?p=701). Sony
has professional responsibilities resulting from the faulty rootkit... see
http://www.sysinternals.com/blog/2005/11/more-on-sony-dangerous-decloaking.html - Sony really needs to provide the removal code ex post.