towsonu2003
November 2nd, 2005, 06:32 PM
Very interesting stuff... Posting to attract MS Windows admirers' attention further to this...
Rename something.txt to $sys$something.txt and watch it disappear, if you are infected on your Windows PC. Test it on your work PC as well :)
Here is the news (Slashdot):
"An anonymous reader writes "SysInternals.com guru Mark Russinovich has a detailed investigation of a rootkit from Sony Music. It's installed with a DRM-encumbered music CD, Van Zant's "Get Right with the Man". (Mmmm, delicious irony!) The rootkit introduces several security holes into the system that could be exploited by others, such as hiding any executable file that starts with '$sys$'. Russinovich also identifies several programming bugs in the method it uses to hook system calls, and chronicles the painful steps he had to take to 'exorcise the daemon' from his system." This house is clear. "
From: http://it.slashdot.org/it/05/10/31/2016223.shtml?tid=172
Here is the second part of it:
http://yro.slashdot.org/yro/05/11/02/1421250.shtml?tid=233&tid=17
I'm pretty sure this will get very popular among other companies as well.
Discussion in ubuntu forums at:
http://www.ubuntuforums.org/showthread.php?t=85092
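The rename test from the post can be scripted as a small cross-view check. This is an added example, not part of the original post or of Russinovich's tooling. It assumes the cloak hides names from directory enumeration while the file stays reachable by its full path; the function names and the control-file comparison are illustrative.

```python
import os
import tempfile
import uuid

PREFIX = "$sys$"  # name prefix the post says gets hidden on an affected PC


def enumeration_hides(directory, name):
    """Create `name` in `directory` and return True if the file is reachable
    by its full path but absent from the directory listing."""
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write("cloak test\n")
    try:
        # View 1: what directory enumeration reports.
        listed = name in os.listdir(directory)
        # View 2: direct lookup by path (assumed not to be filtered).
        reachable = os.path.isfile(path)
        return reachable and not listed
    finally:
        os.remove(path)  # delete by path, works even if the name is hidden


def check_cloaking():
    """Compare a control file with a $sys$-prefixed file in a scratch folder."""
    token = uuid.uuid4().hex  # random suffix, avoids clashing with real files
    with tempfile.TemporaryDirectory() as scratch:
        control = enumeration_hides(scratch, "ctl_" + token + ".txt")
        probe = enumeration_hides(scratch, PREFIX + token + ".txt")
    return {
        "control_hidden": control,
        "prefixed_hidden": probe,
        # Only the prefixed name vanishing points at prefix-based cloaking;
        # if the control vanishes too, something else is wrong with the listing.
        "cloaking_suspected": probe and not control,
    }


if __name__ == "__main__":
    result = check_cloaking()
    for key, value in result.items():
        print(f"{key}: {value}")
```

A clean system reports `False` for all three fields; `cloaking_suspected: True` means the listing is being filtered by name prefix and the machine needs a closer look.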