NEWS FROM THE LAB - Thursday, November 10, 2005

Bot trying to hide under Sony DRM
Posted by Mika @ 14:02 GMT

We wouldn't like to say "we told you so" but unfortunately this is one of those times you just have to do it.

We have just analyzed the first malware (Breplibot.b) that is trying to hide on machines that have Sony DRM software installed.

Luckily, the bot has a design flaw. If the Sony DRM rootkit is active (hiding) in the system during infection, the bot will not run at all. Moreover, the bot cannot survive a reboot because of a programming error. In any case, this is a very good example of why software should not use rootkit hiding techniques.