Researcher: Sony BMG "rootkit" still widespread
Robert Lemos, SecurityFocus 2006-01-16

WASHINGTON D.C. -- Hundreds of thousands of networks across the globe, including many military and government networks, appear to still contain PCs with the controversial copy-protection software installed by music discs sold by media giant Sony BMG, a security researcher told attendees at the ShmooCon hacking conference this weekend.

How to tell if you're affected 2006-01-18
Roger
Fortunately, there is a very easy test to see if a machine is affected. Create a file of any type, and rename it to something starting with "$sys$". ($sys$canary.txt seems popular.) If the file vanishes, you have been rootkitted! Since it vanishes from command line tests too, the test is easy to script and, say, put in a logon script. Here's a simple example:

@ECHO OFF
ECHO . > $sys$canary.txt
IF EXIST $sys$canary.txt GOTO SKIP
NET SEND Administrator HELP! Sony rootkit may be present on my PC!
:SKIP
DEL $sys$canary.txt


Link to this comment: http://www.securityfocus.com/comments/articles/11369/32980#32980
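
A more defensive form of the canary test from the comment above, as an added example that is not part of the original comment or article: it separates "the file could not be created" from "the file was created but is missing from the directory listing", two cases the batch script reports identically. The function names, result strings and the `simulated_cloak` stand-in are assumptions made for this example.

```python
import os

PREFIX = "$sys$"  # name prefix the comment above says gets hidden


def canary_check(directory, lister=os.listdir):
    """Classify one directory as 'visible', 'hidden' or 'inconclusive'.

    lister is the enumeration call being tested; it is a parameter so the
    check can be run against a simulated filter (assumption of this example).
    """
    name = PREFIX + "canary.txt"
    path = os.path.join(directory, name)
    try:
        # O_EXCL: fail rather than reuse a stale canary from an earlier run.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except OSError:
        # Read-only or missing directory, full disk, leftover file: the
        # write never happened, so absence from a listing proves nothing.
        return "inconclusive"
    try:
        with os.fdopen(fd, "wb") as handle:
            handle.write(b"canary\n")
        # The file now exists; ask the enumeration API whether it shows up.
        listed = name.lower() in (n.lower() for n in lister(directory))
    except OSError:
        return "inconclusive"
    finally:
        try:
            os.remove(path)
        except OSError:
            pass  # best-effort cleanup
    return "visible" if listed else "hidden"


def simulated_cloak(directory):
    """Constructed stand-in for a filter that drops $sys$ names from listings."""
    return [n for n in os.listdir(directory) if not n.lower().startswith(PREFIX)]


if __name__ == "__main__":
    print(canary_check(os.getcwd()))
```

Only a "hidden" result should raise an alert; "inconclusive" means the test itself could not run in that directory.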
Don't they sell MP3 players too? 2006-06-17
Anonymous

Copyright 2008, SecurityFocus