Current News:
Thursday, November 10, 2005 20:19
New high-risk trojan affects systems using Sony DRM
Sony's DRM component, which has been causing so much controversy recently (see http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html), has now been exploited to conceal a potentially damaging trojan horse. A new variant of the Breplibot trojan has been found in the wild today which exploits this DRM system to conceal itself from both users and anti-virus utilities. Distributed as an e-mail attachment (actually an executable but using a .PDF icon), the trojan uses IRC as a communication vector and permits unrestricted access to infected PCs.
Due to the nature of Sony's DRM system, this trojan cannot be effectively detected or cleaned by anti-virus utilities while the DRM system is in operation. Users who believe they may be infected with this trojan are advised to seek expert assistance, as attempting to remove the DRM system may render the system unstable. You can determine if the Sony DRM components are installed on your system (please note that presence of the DRM components does not necessarily indicate presence of the trojan horse) by using Sysinternals' free utility Rootkit Revealer.
Sysinternals has more information on the Sony DRM system here.
Email Security Warning
A number of recent e-mail viruses (sometimes called worms) spoof the 'From' address as part of their propagation strategy. It has come to our attention that some of these viruses are spoofing @dal.net addresses as their 'From' address which may be confusing some DALnet users into believing that these messages originate from DALnet when in fact they do not. One example recently brought to our attention looks like this:
From: staff@dal.net <staff@dal.net>
To: ------@dal.net <-----@dal.net>
Date: Saturday, March 6, 2004, 5:25:20 AM
Subject: Notify about using the e-mail account.
Dear user, the management of Dal.net mailing system wants to let you know that,
our anti virus software has detected a large amount of viruses outgoing from
your email account, you may use our free anti-virus tool to clean up your computer
software. For further details see the attach.
Attached file protected with the password for security reasons. Password is 45057.
Sincerely,
The Dal.net team
http://www.dal.net
The message will contain an attachment, probably a zip file, and is believed to be a variant of the Bagle worm.
Please be aware that DALnet, in common with most other responsible organizations, does not and will not distribute any software, patches or fixes by e-mail. Additionally, DALnet does not operate a mail system for users, only for staff, and will not normally initiate communication with users by e-mail. Official DALnet announcements are posted to the DALnet mailing lists (see http://www.dal.net/admin/mailinglists.php3) and may, if of sufficient importance, be communicated as a MemoServ News item.
Should you receive such an e-mail, please DO NOT open the attached file. We recommend you delete the message entirely; however, experienced users may wish to examine the mail headers and send an appropriate complaint to the originating ISP. Please remember if doing so that this message DID NOT originate from the dal.net domain or the dal.net mail server, and as such we are not the correct place to send an abuse report to!
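The header check suggested above, as an added example that is not part of the original DALnet notice: it finds the Received line written by your own mail server and reports the host that handed the message over, which identifies the network an abuse report belongs to. The receiving server name mail.example.org, the other host names and the IP addresses are constructed for the example, and the Received layout is assumed to be the common "from HELO (rdns [ip]) by receiver" form.

```python
import re
from email import message_from_string

# Constructed sample. Host names, IPs (RFC 5737 documentation ranges) and the
# receiving server mail.example.org are invented; From/Subject mirror the page.
# The lower Received line stands for one forged by the sender.
SAMPLE = """\
Received: from dsl-45.isp.example.net (dsl-45.isp.example.net [203.0.113.45])
\tby mail.example.org with SMTP; Sat, 6 Mar 2004 05:25:31 -0500
Received: from dal.net (unknown [192.0.2.10])
\tby dsl-45.isp.example.net with SMTP; Sat, 6 Mar 2004 05:25:20 -0500
From: staff@dal.net <staff@dal.net>
Subject: Notify about using the e-mail account.

Dear user, ...
"""

# "from HELO (rdns [ip]) by receiver" as written by common MTAs (assumed layout).
RECEIVED_RE = re.compile(
    r'from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)'
    r'\s+by\s+(?P<by>\S+)')


def trace_origin(raw, trusted_mx):
    """Return the host that handed the message to trusted_mx, or None.

    Only the Received line added by your own server is reliable; everything
    below it (including the From line) was supplied by the sender.
    """
    msg = message_from_string(raw)
    domains = re.findall(r'@([A-Za-z0-9.-]+)', msg.get('From', ''))
    from_domain = domains[-1].lower() if domains else ''
    for value in msg.get_all('Received', []):        # newest hop first
        m = RECEIVED_RE.search(value)
        if m and m['by'].lower() == trusted_mx.lower():
            rdns = (m['rdns'] or '').lower()
            same = bool(from_domain) and (
                rdns == from_domain or rdns.endswith('.' + from_domain))
            return {'from_domain': from_domain, 'handoff_rdns': rdns,
                    'handoff_ip': m['ip'], 'from_matches_handoff': same}
    return None


if __name__ == '__main__':
    print(trace_origin(SAMPLE, 'mail.example.org'))
```

A mismatch between the From domain and the handoff host is only a hint, since legitimate mail is often relayed by third-party servers; the handoff IP is what identifies the ISP to contact.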
Not got an AV program? GET ONE NOW!
Anti-Virus Information From Trend Micro