The following are the Spyware Encyclopedia pages for the pests which relate to Sony BMG's rootkit-based Digital Rights
Management software, which is being distributed on audio CDs. These CDs install the pest XCP.Sony.Rootkit, which is a trojan
that opens security vulnerabilities through rootkit functionality. They also launch Music Player, which is a media player
that phones home to Sony BMG, sending information which could be used to compile profiles of the CDs played on a given computer.
XCP.Sony.Rootkit
Music Player
Sony BMG and First4Internet have released multiple versions of a service pack 2 patch and provided an uninstaller ActiveX.
The patch removes the rootkit functionality and closes the security vulnerability, but fails the eTrust PestPatrol scorecard
on other points that consumers should be aware of prior to installing it. Even after being patched, the DRM software continues
to fail the scorecard.
XCP.Sony.Rootkit.Patch
XCP.Sony.SP2
Computer Associates has received uninstaller links from First4Internet, writing on behalf of Sony BMG. It is an ActiveX
control. Analysis shows that the uninstaller verifies that it is on the same system which ran the initial ActiveX control
as part of the uninstaller request process. In addition, each link provided by First4Internet can only be used once for a
successful uninstall. This effectively prevents easy redistribution of the uninstaller, and requires everyone who wishes to
receive the uninstaller to do so through Sony BMG's official process, which involves releasing personally identifiable information
for marketing use by Sony BMG and undisclosed third parties. Early versions of the uninstaller were less reliable, and could
leave a running service behind, not fully uninstalling the software. This appears to have been corrected in later versions
of the software, which do remove all active components of the trojan. Even in later versions, however, some registry keys
remain behind.
Neither the patch nor the uninstaller ActiveX control removes the phone home technology from Music Player. Music Player
continues to pose the same privacy risks after their installation/execution as it did before.
** HATE TO SAY IT BUT YOU WHO HAVE LIMEWIRE YA ITS SPYWARE**
Overview
Summary
A peer network used primarily for music file sharing. In an organization, can degrade network performance and consume
vast amounts of storage. Is distributed with many spyware/adware products bundled in.
Vendor Description
Lime Wire LLC is dedicated to building advanced file-sharing client/server software which will connect computing devices
over public and private networks. Our team of developers hails from some of the world's most highly-regarded academic and
professional institutions, such as MIT, Columbia, Goldman Sachs, Merrill Lynch, CIBC Oppenheimer, and Compaq. Lime Wire LLC
is a wholly owned subsidiary of the Lime Group, a technology incubator based in downtown New York City. Lime Wire LLC, a New
York based Limited Liability Company, was founded in August, 2000. Lime Wire was founded to develop technologies to develop
and profit from the formation of worldwide peer-to-peer networks across the internet. At current, Lime Wire has the world's
largest team of developers building applications for the Gnutella network. Lime Wire's first product, a software package named
LimeWire, is a powerful and scalable serverless networking software that enables entities on the internet to share, search
for, and obtain files via the Gnutella Network. LimeWire has already achieved considerable popularity, having been downloaded
more than 3,000,000 times as of 5/30/01, including 250,000 downloads during the week of May 19-25. A recent PC Pitstop study
shows that Lime Wire resides on over 1.5% of PCs worldwide. The LimeWire software was designed to be free to individual users,
in order to accelerate the growth of the network as a whole and introduce people to the power of peer-to-peer networks. Although
LimeWire currently is being used mainly for file-sharing, LimeWire has the potential to become an informational tool with
capabilities beyond those currently existing on the Internet, such as the World Wide Web. Content-serving entities on a peer-to-peer
network will be able to respond to queries with dynamically generated, real-time information. Search requestors will be able
to query and draw data directly from one or more databases, without having to navigate through several bulky web interfaces.
Search requestors will also be able to communicate with multiple computers simultaneously, and preselect the type and form
of information they will receive in response to their requests. Lime Wire is already building the technologies to communicate
over peer-to-peer networks through structured metadata queries, transcending the text-based search capabilities of the World
Wide Web and the current Gnutella network.
Category
Adware: Software that displays popup/popunder ads when the primary user interface is not visible or which do not appear
to be associated with the product.
Origins
Date of Origin
March, 2002
Distribution
Limewire: 0.8%
Clot Factor
Limewire: 42
Growth
Limewire: Insufficient data to report growth
Operation
Storage Required
Limewire: at least 6225KB
Detections:
List of Objects Present:
PestPatrol detects the following files and registry entries for this software.
Here we will present information concerning W32.Peerload.A and clones. This info can contain information
about removal tools, short info and links to the AV producer who reported the virus.
Information concerning W32.Peerload.A comes from third party unless. Information is gathered automatically and therefore
might contain minor inconsistencies. For information about more viruses, please see Virusakuten
This detection covers DLL files that can capture system-specific information and send the information to caller programs.
The DLL exports several functions for other programs to use. Once installed, the DLL can hook several system function
calls. Information is monitored and saved to a local file. It creates a named pipe for other trojan programs to connect
to the machine and upload the file.
Trojans do not self-replicate. They are spread
manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer
networks, newsgroup postings, etc.
Modifications made to the system Registry and/or INI files for the purposes
of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).
MALWARE NAME       RISK RATING   ADVISORY DATE   PATTERN FILE
ELF_LUPPER.C       Low           2005-11-16      2.952.01 (CPR)
PE_BOBAX.AK-O      Low           2005-11-16      2.952.02 (CPR)
PE_BOBAX.AK        Low           2005-11-16      2.952.02 (CPR)
WORM_SOBER.AE      Low           2005-11-16      2.952.02 (CPR)
WORM_RONTOKBRO.F   Low           2005-11-16      2.952.01 (CPR)
TROJ_KILLFYL.AC    Low           2005-11-16      2.952.01 (CPR)
TROJ_DLOADER.ANS   Low           2005-11-16      2.952.01 (CPR)
WORM_SOBER.AF      Low           2005-11-16      2.951.00
WORM_SDBOT.CQP     Low           2005-11-15      2.948.02 (CPR)
WORM_SOBER.AD      Low           2005-11-15      2.947.00
Pattern Version: 2.951.00
Release Type: New Malware Threat
Notes: WORM_SOBER.AE,WORM_SOBER.AF
November 16, 2005, 05:56:02 (GMT -08:00)
---------------------
New Virus Detected:
---------------------
There are [18] new viruses detected by the pattern file.
For detailed virus names, please refer to the list below.
WORM_BLAXE.A
Blaxe This network worm attempts to share itself to Kazaa, Grokster and Imesh peer-to-peer networks. ... exe %1" Then,
it creates the following registry entry to enable the worm to run at every Windows startup. The worm shares this folder
within peer-to-peer file-sharing networks (Grokster, iMesh, Kazaa) by adding the following values.
BKDR_AGOBOT.JX
Imelda Yap AUTOMATIC REMOVAL INSTRUCTIONS To automatically remove this malware from your system, please use Trend Micro
Damage Cleanup Engine and Template. ... exe To enable itself to run at every Windows startup, it adds the following registry
entries.
WORM_SDBOT.AE
WORM_ANTINNY.E
It may also spread via peer-to-peer programs by dropping copies of itself into default shared file folders. _autorun _config
_loader _login _setup _start It creates the following autostart entry to enable execution at every system startup.
WORM_WINDFILE.A
Delphi This worm uses the peer-to-peer application KAZAA to propagate. exe P2P Network Propagation and Routine This worm
uses the KAZAA peer to peer network to propagate. If the Kazaa peer-to-peer client is installed in your system, change the
shared folder and the sharing setting to anything other than the settings when the worm entered the system.
WORM_WINDFILE.B
Delphi This worm uses the peer-to-peer application KAZAA to propagate. exe" P2P Network Propagation and Routine This
worm uses the KAZAA peer to peer network to propagate. If the Kazaa peer-to-peer client is installed in your system, change
the shared folder and the sharing setting to anything other than the settings when the worm entered the system.
SYMBOS_FONTAL.B
The only way to stop the affected mobile phone from restarting again and again is to restore its factory settings. ... It uses
social engineering techniques, in this case pretending to be a Nokia Antivirus application, to trick users into installing
SYMBOS_FONTAL.
TROJ_GNUTELMAN.A
Upon execution, this Trojan attaches itself to a peer-to-peer, file-sharing network, GNUTELLA, via port 99. ... A, Gnutella
Worm This Trojan connects to a file sharing network, GNUTELLA, and disguises itself as a searched file in that network that
allows it to spread to other users who download it.
TROJ_FTAPP.B
Ftapp This non-destructive Trojan, installed via a peer-to-peer sharing program, attempts to monitor the Web browsing
activity of a target user and displays advertisements. ... To do this, Trend Micro customers must download the latest pattern
file and scan their system.
TROJ_TUIL.A
It may possibly reach systems via email, Instant Messenger, network shares, mapped drives, and peer-to-peer file-sharing
networks. ... This malware creates a registry entry to automatically load its copy at every system startup but errors in the
malware code prevent it from doing so.
Virus Encyclopedia
10 - 20 of more than 500 records match your query
WORM_BENJAMIN.A
Filler, W32/Kazoa This destructive worm propagates through the Kazaa network, a peer-to-peer file exchange network. ...
Payloads This worm stays in memory to continuously process its destructive payload, which is to fill an infected user's hard
disk drive for as long as Windows permits the creation of files.
WORM_SHERMNAR.A
exe This worm also attempts to propagate by copying itself to any accessible, peer-to-peer KaZaA file-sharing network
drive. ... Default\Software\Kazaa This worm propagates by copying itself to any accessible, peer-to-peer (P2P) KaZaA file-sharing
network drive.
WORM_KAZMOR.A
WORM_KWBOT.A
EXE To propagate, this worm drops a copy of itself in the shared folder of KaZaA Media Desktop, a peer-to-peer application
for sharing files with other users on the Internet. ... WORM This Internet worm propagates through KaZaA, a peer-to-peer file
sharing utility.
WORM_DANDI.A
Unidadworm AUTOMATIC REMOVAL INSTRUCTIONS To automatically remove this malware from your system, please refer to the Trend
Micro Damage Cleanup Engine and Template. ... If the KaZaA peer-to-peer file sharing utility is installed on the system, the
said.
WORM_COWBOT.13
This worm also has the ability to spread through KaZaa peer-to-peer (P2P) shared network. ... Then it creates the following
registry entries to auto execute at every system startup and enable its Internet Relay Chat RoBOT (IRC BOT for short) to function.
WORM_SURNOVA.A
File-Sharing/Peer-to-Peer Applications This worm then attempts to modify this registry entry to point to the Windows Media
folder. ... Supova This memory-resident worm uses Microsoft Messenger (MSN) and Kazaa peer-to-peer (P2P) application to propagate
itself.
WORM_SURNOVA.B
It propagates through file sharing via the KaZaA peer-to-peer application and the Microsoft Messenger (MSN). Upon execution,
this worm copies itself to the following files in the Windows directory and in the Windows Media directory. ... This makes
it possible for the worm to execute automatically on every startup.
WORM_REDERPS.A
MORPHeus, KaZaA Media Desktops, Bearshare, and eDonkey 2000 are peer-to-peer applications which allow users to search
files across the network for downloads and share their own files for other users to download. ... SPREADER This worm makes
multiple copies of itself in the default shared directory of peer-to-peer (P2P) applications such as BearShare, KaZaA Media
Desktops, MORPHeus, and eDonkey 2000.
WORM_SURNOVA.D
It uses the Microsoft Messenger (MSN) and the Kazaa peer-to-peer (P2P) application to propagate. Upon execution, this
worm copies itself to the following files in the Windows directory and in the Windows Media directory. ... This makes it possible
for the worm to execute automatically on every startup.
20 - 30 of more than 500 records match your query
WORM_SURNOVA.F
It propagates copies of itself using MSN Messenger and the Kazaa peer-to-peer (P2P) application. exe It then checks whether
Kazaa, a peer-to-peer file sharing application that allows sharing of files with other users over the Internet, is installed
on the system.
WORM_SURNOVA.G
It propagates copies of itself via the Kazaa peer-to-peer (P2P) application. ... exe %Windows% refers to the Windows directory,
which is usually located at C. To do this, Trend Micro customers must download the latest pattern file and scan their system.
Removing Autostart Entries from the Registry Removing autostart entries from the registry prevents the malware from executing
during startup.
WORM_KAZDIR.A
This worm, written in Borland Delphi, propagates via the Kazaa peer-to-peer file sharing network. ... It creates the following
registry entries to enable file sharing in Kazaa, and to share the folder containing the dropped worm copy. ... This worm
virus has been renamed to WORM_SAMBUD.
WORM_KWBOT.B
To propagate, this worm copies itself in the shared folder of the KaZaA Media Desktop, a peer-to-peer application for
sharing files with other users on the Internet. ... This Internet worm propagates via Kazaa, a peer-to-peer file sharing utility.
... To do this, Trend Micro customers must download the latest pattern file and scan their system.
WORM_SURNOVA.C
It propagates via MSN Messenger and Kazaa, a peer-to-peer application, which enables users to share files over a network.
... In the left panel, navigate to the Windows directory, which is usually C. To do this, Trend Micro customers must download
the latest pattern file and scan their system.
WORM_ENERKAZ.A
a This Win32 Internet worm spreads via Kazaa, the peer-to-peer application which allows users to share files over a network.
... AUTOMATIC REMOVAL INSTRUCTIONS To automatically remove this malware from your system, please use Trend Micro Damage Cleanup
Engine and Template.
WORM_ENERKAZ.B
Sambud This worm spreads via the peer-to-peer file-sharing network. This is a worm that spreads through a KaZaA peer-to-peer
file sharing program. ... It creates the registry to direct the sharing folder to the newly created folder called %Windows%\Sys32.
*Where %Windows% refers to the Windows directory, which is usually located in C.
BAT_LILTRICK.A
A This nondestructive batch file worm propagates via Kazaa, the popular peer-to-peer application, which allows users to
share files over a network. This file contains its autostart entry, which it adds to existing registry settings to enable
its automatic execution upon system startup.
BAT_MIGRATE.A
BAT It also spreads via Internet Relay Chat (IRC), DCC (Direct Client Connection) Send, and Kazaa, the peer-to-peer file
application which allows users to share files over a network. vbs %Current directory%\ u4q3 %Current directory%\ f8i4 %Current
directory%\ m0q4 %Current directory%\ f3 GREETING.
WORM_ENERKAZ.C
This is an intended worm designed to propagate via the Kazaa peer-to-peer file-sharing network. ... To do this Trend Micro
customers must download the latest pattern file and scan their system.
Descriptions for Newly Discovered Threats (Includes
Viruses, Trojans and Hoaxes)
Threat type: Adware - Adware is generally software that displays advertisements. Some advertisers
may covertly install adware on your system and generate a stream of unsolicited advertisements that can clutter your desktop
and affect your productivity. The advertisements may also contain pornographic or other material that you might find inappropriate.
The extra processing required to track you or to display advertisements can tax your computer and hurt your system performance.
Advice: Remove - This is a very high risk threat and should be removed immediately so as to prevent harm to your computer or your privacy.
Threat risk: Elevated Risk - Elevated threats are usually threats that fall into the range of adware in which data about a user's
habits are tracked and sent back to a server for analysis without your consent or knowledge.
SurfSideKick Signature Details: The following information includes some of the standard
signatures* associated with this spyware threat. Please do not attempt to manually remove these items from your computer;
removing these items incorrectly or partially can cause your computer to experience critical errors, prevent your computer
from restarting or cause loss of Internet connectivity. Should you be infected with SurfSideKick, you can clean your machine
of this spyware threat for free by downloading CounterSpy now.
FIRST: Please unzip Pocket KillBox to its own folder. Leave it where you can find it for now.
THEN: Please download the attached KillSSK.reg and save it to your Desktop.
NEXT: Double-click on KillSSK.reg and follow the prompts to allow the entries to merge into the registry.
NOW: Please open Pocket KillBox.
Next, you will be entering the following SSK files into Pocket KillBox. Please select the “Delete on Reboot” option. Enter or copy and paste each of the following into the box one by one, making sure Delete on Reboot is checked for each entry. Click the red X for each entry, but DO NOT allow your machine to be rebooted until the last item has been entered:
** Note: For the .dlls, check the Unregister .dll Before Deleting box as well.
When the last item has been entered and you are prompted to reboot, ALLOW Pocket KillBox to reboot your computer. If KillBox fails to reboot your machine, do it manually.
NEXT: Run CCleaner and Spybot S&D and have Spybot fix what it finds.
Reboot to Normal Windows.
COMPUTER SECURITY SYSTEMS ALL RIGHTS RESERVE 2005