Second variant of the Sony DRM trojan detected by BitDefender

November 11th, 2005



Sony XCP DRM - What does it mean to YOU?


BitDefender have today released details of a second variation of the Sony DRM backdoor Trojan, called Backdoor.IRC.Synd.B.

Similar to the first Trojan found earlier today, but written with a new digital signature to get past anti-virus defenses, this new version also uses the cover provided by the Sony DRM component to hide itself. Changes found by BitDefender in this new variant include fixes for the bugs in the first version, a change of the file name to "$sys$xp.exe", a change of the IRC channel name, and some additional minor technical changes.

According to the BitDefender press release, this Trojan installs an IRC backdoor on the affected system, allowing hackers later access to the system. 

There's good news for BitDefender customers:

"BitDefender's [tag]HiVE[/tag] technology enabled us to detect the second variant of the virus without any need for additional signatures," commented Viorel Canja, head of BitDefender Labs. "While this new strain is also in the wild, BitDefender will continue to monitor for any additional variations of the Sony DRM Trojan. BitDefender is committed to being one step ahead of virus writers, so that our customers can feel confident that they are always protected."


Bruce Schneier also has good coverage of the whole issue in the posts "Sony Secretly Installs Rootkit on Computers" and "More on Sony's DRM Rootkit".

And it now seems that the Department of Homeland Security has waded into the Sony issue. I get the feeling that they must be seriously feeling the heat now.

So much so that they have temporarily suspended production of CDs that use the XCP technology.

This entry was posted on Friday, November 11th, 2005 at 16:50 and is filed under In the News, Stay Secure.

5 Responses to “Second variant of the Sony DRM trojan detected by BitDefender”

  1. revelation Says:

    Political and Security Pressures Force Sony to Rethink DRM - You Should, Too

    I’ve felt again and again that big music companies make their existence about toeing the line; the question on their lips is not “How can we produce and sell artful, quality music?”, but “How can we maximize the amount of money we’re going to...

  2. Independent Sources Says:

    Public Service Announcement: Do NOT Buy Sony-BMG Discs

    If you see the image below on a disc you are considering purchasing, think again, you might be in for a very unpleasant surprise.

    If you enjoy listening to your music on a computer, be very very careful about putting a Sony-BMG title in your comput...

  3. Spyware Informer Says:

    The Sony DRM from Hell: Am I Infected Too?!

    Yep folks, Sony pulled off a Microsoft by installing illegal Trojan horse-based digital restrictions management (DRM) technology that installs itself as a rootkit on Windows PCs onto people's computers. Users who buy, say... a CD from Amazon might b...

  4. Independent Sources » Blog Archive » Public Service Announcement: Do NOT Buy Sony-BMG Discs Says:

    [...] Updates: Computer Associates has classified the Sony rootkit and its patch as spyware, and will begin removing it. Sony also faces at least two lawsuits over the malicious software the company distributes on its music CDs. At least one library district is banning Sony BMG discs. Enterprising virus writers have already started using the Sony spyware to infect computers. [...]

  5. tdaxp Says:

    Department of Homeland Security Bitchslaps Sony Records

    "DHS Official Weighs In on Sony," by Brian Krebs, Security Fix, 11 November 2005, (from Instapundit, also at Avery Parker, False Positives, Griff John, Groovy Soup, Life on the ...