Sony Rootkit Redux
Tuesday August 28, 2007
Just two years shy of the now legendary Sony rootkit fiasco, Sony Corporation is once again making headlines for including rootkit-like software with certain brands of their USB sticks. Acting on a report from a user, researchers at F-Secure confirmed the behavior:
"The Sony MicroVault USM-F fingerprint reader software that comes with the USB stick installs a driver that is hiding a directory under "c:\windows\". So, when enumerating files and subdirectories in the Windows directory, the directory and files inside it are not visible through Windows API. If you know the name of the directory, it is e.g. possible to enter the hidden directory using Command Prompt and it is possible to create new hidden files. There are also ways to run files from this directory. Files in this directory are also hidden from some antivirus scanners (as with the Sony BMG DRM case) — depending on the techniques employed by the antivirus software. It is therefore technically possible for malware to use the hidden directory as a hiding place."
F-Secure researchers contacted Sony before going public with the details, but Sony reportedly declined to respond. The F-Secure blog has complete details.
Comments
I just had an experience with “SPYWARE SHREDDER”, Cost me $150 to get it cleaned out without losing files. QUESTION: What can I use to prevent this malware from coming in again?