Websense Security Labs has received reports of websites that are using the Sony DRM uninstaller as a means to perform malicious actions on end user machines:
Security researchers discovered that the recently released Sony DRM uninstaller included a COM object that it dropped on the machine in order to uninstall the highly publicized rootkit that gets installed as part of some Sony Music DRM software. The COM objects are not removed after installation and leave the machine open to malicious websites using them as an attack vector.
Websense Security Labs added detection mechanisms to its data classification and internet mining techniques soon after discovery of the possible vulnerability was reported. Although we have not seen many sites to date, the potential for sites using this to exploit end users is high.
Any user who has downloaded and run the Sony uninstaller program is susceptible to this attack. In the example below, users’ machine are restarted upon accessing the site. However, there is the potential for more nefarious actions to have been done.
» Microsoft Releases Internet Explorer 7 – Free Download or Automatic Update
» Porn Sites Exploit New Internet Explorer Flaw – Patch Due Oct 10
» Avoid a Virus on Valentine’s Day
» Microsoft Releases Windows WMF Vulnerability Patch
» CallingID Warns of Pre-Christmas Phishing Scams
» PestPatrol Will Detect and Remove Sony DRM "Spyware"
» Microsoft Warns of Windows Image-Handling Flaw
» Microsoft & Secunia Security Advisories for IE Com Flaw
» Online Gamers Targeted in Korean MSN Hack Attack
» WinXP SP2 = Security Placebo?
» Microsoft Responds to ‘SP2 Security Center Issue’
» Microsoft Releases Unscheduled IE Security Patch
» Seven MS Security Bulletins & Patches – Plus Four New IE Vulnerabilities
» Secunia Advisory – Microsoft Internet Explorer Vulnerabilities
» Microsoft Releases Early Cumulative IE Patch – Phishing Flaw Fixed
del.icio.us
Digg
Furl
Netscape
Yahoo! My Web
StumbleUpon
Google Bookmarks
Technorati
BlinkList
Newsvine
ma.gnolia
reddit
Windows Live
Tailrank
