*******************************

UPDATE!

Sony XCP DRM - What does it mean to YOU?

*******************************

BitDefender have today released details of a second variation of the Sony DRM backdoor Trojan, called Backdoor.IRC.Synd.B. 

Similar to the first Trojan found earlier today but written with a new digital signature to get past anti-virus defenses, this new version also uses the cover provided by the Sony DRM component to hide itself. Changes found by BitDefender in this new variant include reparation of the bugs from the first version, a change of the file name to "$sys$xp.exe", change of the IRC channel name, as well as some additional minor technical changes.

According to the BitDefender press release, this Trojan installs an IRC backdoor on the affected system, allowing hackers later access to the system. 

There's good news for BitDefender customers:

"BitDefender's HiVE technology enabled us to detect the second variant of the virus without any need for additional signatures," commented Viorel Canja, head of BitDefender Labs. "While this new strain is also in the wild, BitDefender will continue to monitor for any additional variations of the Sony DRM Trojan. BitDefender is committed to being one step ahead of virus writers, so that our customers can feel confident that they are always protected."

EDIT
------------------------------------

Bruce Schneier also has good coverage of the whole issues in the posts "Sony Secretly Installs Rootkit on Computers" and "More on Sony's DRM Rootkit".

And it now seems that the Department for Homeland Security wades into the Sony issue. I get the feeling that they must be seriously feeling the heat now.

So much so that they have temporarily suspended production of CDs that use the XCP technology.

• Immunization against the Sony uninstaller
• Removing the Sony rootkit without using the installer (PDF download)
• XCP/First 4 Internet information
• Secunia - Sony CD First4Internet XCP CodeSupport uninstallation ActiveX control vulnerability
• You can no longer uninstall Sony XCP DRM
• Sony DRM on 500,000 networks (oh, and another flaw discovered)
• Sony DRM code violates open source LGPL license and uninstaller opens a big security hole!
• Don't like the Sony rootkit? Don't run the uninstaller!
• December - Freak-out month for Sony music customers
• Removing the Sony DRM rootkit (and some good news from Microsoft)
• It’s MY PC!
• Second variant of the Sony DRM trojan detected by BitDefender
• SonyBMG DRM Customer Survival Kit
• Sophos releases tool to “detect and disable” cloaking for Sony’s DRM copy-protection
• Sophos to unmask Sony DRM
• Bot uses Sony DRM to hide on PCs
• The EFF on Sony-BMG XCP copy protection
• Sony installs hidden utilities when you play CDs
• It’s not just Sony that use rootkits …
• Sony patching copy-protected CDs … kinda
• BBC News picks up on Sony’s bad behavior
• Sony and CD standards
• Sony replaces rootkit DRM technology with non-rootkit technology
• Another thing that Sony needs to do

Technorati Tags: BitDefender, Sony, DRM, Trojan, Backdoor.IRC.Synd.B, HiVE, XCP

This entry was posted on Friday, November 11th, 2005 at 16:50 and is filed under In the News, Stay Secure. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.