Trojan Exploiting Sony Rootkit Flawed
Thursday November 10, 2005
It seems the newly discovered Stinx.E Trojan is as buggy as the Sony rootkit it attempts to exploit. The question being asked by some security professionals is whether these are indeed flaws, or whether it's a deliberate attempt by the Trojan author to bring attention to the Sony rootkit problem while avoiding harming users.
The Sony rootkit, developed by First 4 Internet, contains a design flaw that allows any specially named file to be enveloped by the rootkit, thereby masking its presence on the system.
The first Trojan to exploit this flaw, Stinx.E, doesn't properly decrypt the registry keys needed to allow the Trojan to load when Windows is restarted. The Stinx.E Trojan also fails to load if the Sony DRM cloaking technology is active, despite its deliberate attempts to exploit it. Additionally, the IP addresses used to connect to the IRC server are invalid. In effect, the Sony Stinx Trojan is impotent.