Sony USB rootkit not as bad as CD case but still serious: F-Secure
by Stan Beer   
Thursday, 30 August 2007
Sony Corporation is in the news again over its proclivity to install hidden directories on its customers' hard drives. However, the revelation that some Sony USB memory sticks come with rootkit-like software is not quite as bad as the infamous Sony CD DRM case two years ago, according to the security company that has gone public with the story.

In a nutshell, Finnish security company F-Secure reports having found software with rootkit-like behaviour supplied with Sony USB sticks that have a built-in fingerprint reader.

"The Sony MicroVault USM-F fingerprint reader software that comes with the USB stick installs a driver that is hiding a directory under "c:\windows\". So, when enumerating files and subdirectories in the Windows directory, the directory and files inside it are not visible through Windows API. If you know the name of the directory, it is e.g. possible to enter the hidden directory using Command Prompt and it is possible to create new hidden files," Mikko Hypponen, chief research officer at F-Secure, wrote in the company blog.

"There are also ways to run files from this directory. Files in this directory are also hidden from some antivirus scanners (as with the Sony BMG DRM case) — depending on the techniques employed by the antivirus software. It is therefore technically possible for malware to use the hidden directory as a hiding place."

However, in a follow-up blog posting, Hypponen says the USB case is not as bad as the CD DRM case.

"The user understands that he is installing software, it's on the included CD, and has a standard method of uninstalling that software.

"The fingerprint driver does not hide its folder as "deeply" as does the XCP DRM folder. The MicroVault software probably wouldn't hide malware as effectively from (some) real-time antivirus scanners."

However, Hypponen does say it is possible to run executable malware from the hidden directory. What's more, the new rootkit, which can still be downloaded from sony.net, can be used by any malware author to hide any folder.

"If you simply extract one executable from the package and include it in malware, it will hide that malware's folder, no questions asked," Hypponen says.

It appears that Sony is not interested in discussing the issue with the security company, which contacted Sony before going public with the case.

"We still haven't received any kind of response from Sony International," Hypponen writes.