Trojan Horse Hides Using Sony Rootkit
What security experts have warned about Sony's DRM has come to pass, with a new trojan horse attempting to hide itself using techniques enabled by the company's anti-piracy software. Dubbed "Troj/Stinx-E" by Sophos, the application copies itself to a file called: $sys$drv.exe, which is hidden by Sony's copy protection.
F-Secure has named the malware "Breplibot.b," but says a code mistake will limit its damage. "Luckily, the bot has a design flaw. If the Sony DRM rootkit is active (hiding) in the system during infection, the bot will not run at all. Moreover, the bot cannot survive a reboot because of a programming error," explained F-Secure's Mika Pehkonen in a blog posting.