Sony + Rootkits = Trouble (again!)

Summary:Somebody over at Sony must have a thing about rootkits because once again the company is caught trying to cloak files on systems using what security company F-Secure describe as "rootkit-like behavior." This time the product afflicted is Sony's MicroVault USM-F fingerprint reader software that is supplied with fingerprint-protected USB flash drives.

Somebody over at Sony must have a thing about rootkits because once again the company is caught trying to cloak files on systems using what security company F-Secure describe as "rootkit-like behavior."  This time the product afflicted is Sony's MicroVault USM-F fingerprint reader software that is supplied with fingerprint-protected USB flash drives.

The Sony MicroVault USM-F fingerprint reader software that comes with the USB stick installs a driver that is hiding a directory under "c:\windows\". So, when enumerating files and subdirectories in the Windows directory, the directory and files inside it are not visible through Windows API. If you know the name of the directory, it is e.g. possible to enter the hidden directory using Command Prompt and it is possible to create new hidden files. There are also ways to run files from this directory. Files in this directory are also hidden from some antivirus scanners (as with the Sony BMG DRM case) — depending on the techniques employed by the antivirus software. It is therefore technically possible for malware to use the hidden directory as a hiding place. [emphasis added]

Frankly, I'm surprised that Sony is caught up in yet another rootkit mess.  After the whole Sony BMG fiasco from a few years ago I would have thought that it would be a no-no to use rootkits of do anything that looked vaguely rootkit-like.  Apparently not.  Maybe someone didn't get the memo ...

Some companies just don't seem to learn.

Needless to say, steer clear of these Sony MicroVault USB flash drives, at least until this mess is sorted out.

Topics: Hardware

About

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera.Adrian has authored/co-authored technic... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.