Somebody over at Sony must have a thing about rootkits because once again the company is caught trying to cloak files on systems using what security company F-Secure describe as "rootkit-like behavior." This time the product afflicted is Sony's MicroVault USM-F fingerprint reader software that is supplied with fingerprint-protected USB flash drives.
The Sony MicroVault USM-F fingerprint reader software that comes with the USB stick installs a driver that is hiding a directory under "c:\windows\". So, when enumerating files and subdirectories in the Windows directory, the directory and files inside it are not visible through Windows API. If you know the name of the directory, it is e.g. possible to enter the hidden directory using Command Prompt and it is possible to create new hidden files. There are also ways to run files from this directory. Files in this directory are also hidden from some antivirus scanners (as with the Sony BMG DRM case) — depending on the techniques employed by the antivirus software. It is therefore technically possible for malware to use the hidden directory as a hiding place. [emphasis added]
Frankly, I'm surprised that Sony is caught up in yet another rootkit mess. After the whole Sony BMG fiasco from a few years ago I would have thought that it would be a no-no to use rootkits of do anything that looked vaguely rootkit-like. Apparently not. Maybe someone didn't get the memo ...
Some companies just don't seem to learn.
Needless to say, steer clear of these Sony MicroVault USB flash drives, at least until this mess is sorted out.