Updated: February 13, 2007 11:47:04 AM
Type: Other
Publisher: First 4 Internet Ltd.
Risk Impact: High
File Names: aries.sys
Systems Affected: Windows 2000, Windows NT, Windows Server 2003, Windows XP
Behavior
SecurityRisk.First4DRM is a rootkit that hides any processes, files, folders, or registry subkeys that start with the following string:
$sys$
Note:
- This rootkit was designed to hide a legitimate application, but it can be used to hide other objects, including malicious software.
- Customers running Norton Internet Security 2005 AntiSpyware Edition, programs from the Norton 2006 line of products, and Symantec AntiVirus Corporate Edition 10.x can make use of the product's remediation functionality to remove this risk.
Symptoms
Any processes, files, folders, or registry subkeys that start with or are renamed to start with the following string are hidden from view:
$sys$
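One way to check for this symptom is a cross-view comparison: objects that appear in an offline listing but not in a listing taken on the running system, and that carry the $sys$ prefix, are consistent with the hiding described above. The following is an added example, not code from this write-up or from any vendor. It assumes that an offline listing is available (for instance from the disk examined on another machine), and its function names and sample paths are constructed for illustration.

```python
# Added example: cross-view check for objects hidden by the "$sys$" name prefix.
from ntpath import normcase  # Windows path rules, usable on any analysis host

PREFIX = "$sys$"  # hiding prefix named in this write-up

def norm(path):
    # Windows names are case-insensitive: fold case, unify separators.
    return normcase(path.strip()).rstrip("\\")

def has_prefixed_component(path, prefix=PREFIX):
    # A hidden folder or subkey conceals its children too, so test every
    # component. Case-insensitive matching is an assumption made here so
    # the check over-reports rather than misses.
    return any(part.startswith(prefix.lower()) for part in norm(path).split("\\"))

def cross_view(live, offline):
    """Compare a listing taken on the running system with one taken offline.

    Returns (hidden_prefixed, hidden_other, visible_prefixed) as sorted lists
    of the offline spellings.
    """
    live_keys = {norm(p) for p in live if p.strip()}
    hidden_prefixed, hidden_other, visible_prefixed = [], [], []
    for entry in sorted({p.strip() for p in offline if p.strip()}):
        prefixed = has_prefixed_component(entry)
        if norm(entry) not in live_keys:
            (hidden_prefixed if prefixed else hidden_other).append(entry)
        elif prefixed:
            visible_prefixed.append(entry)
    return hidden_prefixed, hidden_other, visible_prefixed

# Constructed sample listings (not taken from a real system).
OFFLINE = [
    r"C:\Temp\notes.txt",
    r"C:\Temp\$sys$demo.txt",
    r"C:\Temp\$sys$folder\child.dll",
    r"C:\Temp\scratch.tmp",
]
LIVE = [
    r"c:\temp\NOTES.TXT",   # same object, different case: not a discrepancy
]

if __name__ == "__main__":
    hidden, other, visible = cross_view(LIVE, OFFLINE)
    print("hidden, prefixed :", hidden)   # consistent with name-prefix hiding
    print("hidden, other    :", other)    # churn between snapshots or other cause
    print("visible, prefixed:", visible)  # prefixed but visible: hiding not active
```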
Transmission
This security risk is part of the XCP software present on some Sony BMG content-protected music CDs. When a CD containing this software is started from a CD-ROM, the security risk is automatically installed on the compromised computer.
Protection
- Initial Rapid Release version November 8, 2005
- Latest Rapid Release version June 14, 2008 revision 017
- Initial Daily Certified version November 8, 2005
- Latest Daily Certified version July 24, 2008 revision 024
- Initial Weekly Certified release date November 8, 2005