Spyware Information: First4Internet
This is a file masking tool. Such tools are used by viruses and spyware to mask their identities from software that is designed to find them and shut them down. To accomplish this, the tools may add unusable space to the files, or combine multiple files into one.
- Size: 5,048 bytes
- Threat level: High
- Detections: 43 (this month: 0)
- Author: First4Internet
- Appeared: 10/01/05
Research
- Method of infection: This rootkit is installed as part of the copy protection (DRM) software included on some audio CDs distributed by Sony BMG.
- Privacy issues: Moderate. This software communicates with Sony in order to send an install ID and determine if there are updates to the album's lyrics or cover art. This is not necessarily unwelcome behavior, but it is not disclosed in the EULA and cannot be disabled. The user's IP address, which is potentially personally identifiable, is transmitted with these network requests.
- Privacy policy:
  - First4Internet: http://www.xcp-aurora.com/privacy_policy.aspx
  - Sony BMG: http://www.sonybmg.com/privacypolicy.html
- Security issues: Severe. This rootkit blindly hides from the Windows API any files or folders whose names are prefixed with "$sys$". Viruses have come out that exploit this feature by naming their files with this convention, making them significantly more difficult to remove.
- Stability issues: Severe. This rootkit scans all running processes 8 times and monitors their behavior, which causes a significant increase in system activity and could destabilize a system. This software is not written entirely safely: it does not appropriately handle invalid data, and it may "unload" its drivers while other programs are calling it. Either problem can cause Windows to crash with a bluescreen.


