Rootkit furore hits Hollywood DVD

	SecurityReason
News

Search

SecurityAlert

About SecurityAlert

ExploitAlert

SecurityReason Research

	WLB
WLB Database

Send to WLB

About WLB

	RSS
News

SecurityAlert

World Laboratory of Bugtraq

ExploitAlert

Apache

PHP

	Corporate
Contact

About us

	Services
SecurePHP


	Note
If you have found a vulnerability, please send to our SecurityAlert Database : secalert()securityreason()com Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive : exploit()securityreason()com

News from: World

» Topic: Rootkit furore hits Hollywood DVD

» Added by: Matthew Broersma

» Date: 15.2.2006

A popular movie DVD has been discovered using rootkit-like copy protection, Anti-virus company F-Secure has revealed.

The German DVD of Hollywood blockbuster Mr and Mrs Smith, released on 24 January, contains copy-protection software called Alpha-DVD, according to news organisation Heise, which first reported the issue. The disc will not play on Windows PCs unless the software is installed. Alpha-DVD contains user-mode rootkit-like features that hide its own process, according to F-Secure.

The discovery comes not long after the controversy over similar features found in copy-protection software on CDs distributed by Sony BMG. Rootkits are used by intruders to maintain persistent access to a system, while keeping malicious processes hidden.

Heise said another recent German DVD, "Edison", also contains Alpha-DVD, as does a Korean edition of "Oldboy".

What's more, like Sony BMG's copy-protection software, Alpha-DVD can be misused by third-party software for malicious purposes, according to Heise. The organisation said it has developed a proof-of-concept application that could call on Alpha-DVD to hide itself from the OS. "It takes only a few lines of code to make use of Alpha-DVDs stealth functionality," Heise said in a report.

Unlike the Sony BMG software, Alpha-DVD doesn't hide files or registry entries, according to F-Secure. "This makes the feature a bit less dangerous, as anti-virus products will still be able to scan all files on the disk," said F-Secure vice president Antti Vihavainen in a blog post. "However, it's not that uncommon for real malware to only hide (its) processes."

The creator of Alpha-DVD, a South Korean LG spinoff called Settec, is providing removal software for those concerned about the impact of its copy protection system. By default Alpha-DVD provides neither a Start Menu entry nor an entry in Windows' Add/Remove Programs feature.

F-Secure said software makers should always avoid hiding anything from users, and particularly administrators. "It rarely serves the needs of the user, and in many cases it's very easy to create a security vulnerability this way," wrote Vihavainen.

Source: http://www.techworld.com

	Alert
BSD libc (strfmon) Multiple vulnerabilities - 2008-03-25 Maksymilian Arciemowicz discovered a Integer Overflow vulnerability in the libc library "strfmon()" function.A vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected BSD systems.


	Apache
» Apache Tomcat information disclosure

» Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability

» Apache Tomcat information disclosure vulnerability

» Apache Tomcat XSS vulnerability



	PHP
» PHP 5.2.6 chdir(),ftok() (standard ext) safe_mode bypass

» PHP 5.2.6 posix_access() (posix ext) safe_mode bypass

» PHP 5.2.5 and prior : *printf() functions Integer Overflow

» PHP 5.2.5 cURL safe_mode bypass