Sony DRM Rootkit

sha1: 8fe00da5f0b2114a132f41eb5e7065d46e7741fa $sys$DRMServer.exe
md5sum: $sys$DRMServer.exe
3692633395142b264b0a73e4994f657f *$sys$DRMServer.exe
md5sum: $sys$
2daffd7a9c415f1b41868340d32e680b *$sys$

This is just the executable. I'll get the other files up soon.

I have uploaded an IDA database and flow graph for this as well.


I added the supporting DLLs and sys files. I'll see if I can get the installer off the CD as well.

Taken from the current Bleeding Snort rules
Copyright (c) 2005,
All rights reserved.

#By Michael Ligh
# sid 2002675: outbound HTTP request whose URI carries the "/toc/Connect?type=redirect" and "&uId=" reporting parameters
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE MALWARE Sony DRM Reporting 1"; flow: to_server,established; uricontent:"/toc/Connect?type=redirect"; nocase; uricontent:"&uId="; nocase; classtype:trojan-activity; reference:url,; sid:2002675; rev:3;)
# sid 2002674: outbound HTTP request whose User-Agent header contains "SecureNet" followed by "Xtra" (pcre delimiters restored: /.../i)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE MALWARE Sony DRM Reporting 2"; flow: to_server,established; content:""; nocase; pcre:"/User-Agent\:[^\n]+SecureNet[^\n]+Xtra/i"; classtype:trojan-activity; reference:url,; sid:2002674; rev:2;)
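Added example (not part of the original post or the Bleeding Snort rule set): a small Python checker that applies the matching logic of the two rules above to constructed HTTP requests, so you can see which request shapes fire sid 2002675 (both uricontent tokens in the URI, case-insensitive) and sid 2002674 (the pcre over the User-Agent line). It ignores the flow/direction options and the empty content match; the sample requests are made up for the demonstration.

```python
import re

# Constructed sample HTTP requests (not real captures) used to exercise the rules.
SAMPLE_REQUESTS = [
    "GET /toc/Connect?type=redirect&uId=12345 HTTP/1.1\r\n"
    "Host: example.invalid\r\n"
    "User-Agent: SecureNet Xtra\r\n\r\n",
    "GET /index.html HTTP/1.1\r\n"
    "Host: example.invalid\r\n"
    "User-Agent: Mozilla/5.0\r\n\r\n",
    # Case differs from the rule strings; 'nocase' still matches.
    "GET /TOC/CONNECT?TYPE=REDIRECT&UID=9 HTTP/1.1\r\n"
    "Host: example.invalid\r\n"
    "User-Agent: Mozilla/5.0\r\n\r\n",
    # Keywords appear only in the body, not on the User-Agent line: no match.
    "POST /submit HTTP/1.1\r\n"
    "Host: example.invalid\r\n"
    "User-Agent: Mozilla/5.0\r\n\r\n"
    "comment=SecureNet Xtra\r\n",
]

# sid 2002675: both 'uricontent' tokens must appear in the request URI (nocase).
URI_TOKENS = ("/toc/Connect?type=redirect", "&uId=")
# sid 2002674: the 'pcre' option, applied to the raw request ('i' = case-insensitive).
UA_PATTERN = re.compile(r"User-Agent\:[^\n]+SecureNet[^\n]+Xtra", re.IGNORECASE)

def request_uri(raw):
    """Return the URI from the request line, or '' if the line is malformed."""
    parts = raw.split("\r\n", 1)[0].split(" ")
    return parts[1] if len(parts) >= 2 else ""

def matches_uri_rule(raw):
    """True when every uricontent token is present in the URI, ignoring case."""
    uri = request_uri(raw).lower()
    return all(tok.lower() in uri for tok in URI_TOKENS)

def matches_ua_rule(raw):
    """True when the User-Agent header line matches the rule's pcre."""
    return UA_PATTERN.search(raw) is not None

def scan(requests):
    """Map request index -> list of sids that fired, mirroring the two rules."""
    hits = {}
    for i, raw in enumerate(requests):
        sids = []
        if matches_uri_rule(raw):
            sids.append(2002675)
        if matches_ua_rule(raw):
            sids.append(2002674)
        hits[i] = sids
    return hits
```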

