Uwe Hermann | A slightly paranoid Debian developer

...next time you write such a piece of malware, how about making it do something useful (instead of nefarious) for a change, say, have your botnet zombies become Tor exit nodes? kthxbye.

I didn't follow this disaster too closely, but here's a short (most probably incomplete) roundup of what happened so far:

1. The Sony DRM installs a rootkit,
2. people use the rootkit to make game cheats safe from the (Blizzard) Warden,
3. trojans start (ab)using the DRM rootkit,
4. Sony gets sued,
5. Sony pulls the rootkit.

Nice bedtime story so far. Now it turns out that Sony’s web-based XCP (rootkit) uninstaller seems to open huge, gaping security holes itself...

Not that I would care too much, I don't buy any Sony CDs. There's a huge pile of great Creative Commons licensed music out there (shameless plug: check my music podcast for some hand-selected goodies). No need to pay huge corporations for crappy music which comes with funny "extras"...

Someone on the security mailinglist Full-Disclosure has posted an interesting warning regarding proof-of-concept exploit code. It seems that multiple published exploits have been replaced with more malicious versions by unknown attackers.

The attackers replaced the shellcode in the demo exploits (which usually opens a root-shell) with more malicious versions like 'rm -rf /*'. As such shellcode usually consists of hex-encoded assembler instructions, most people don't have the slightest chance to understand it, and hence cannot verify what it really does. People who want to "just try out whether I'm vulnerable", might end up with a wiped hard drive (or worse).

The lesson (one of them, that is) we should learn here is to never execute any code we don't trust and/or fully understand.

(via Heise)