Sony installs another Rootkit

SECURITY OUTFIT F-Secure said its rootkit detection software has found Sony up to its old tricks.

Sony, which got into huge trouble installing its BMG XCP DRM rootkit in CDs 2005, has installed a root kit into its USB stick software driver.

The USB stick in question, Sony MicroVault USM-F, has a built-in fingerprint reader. F-Secure's BlackLight rootkit detector was reporting hidden files on the system.

The USB software creates "rootkit-like behaviour" which is similar to the Sony BMG case. The Sony MicroVault USM-F fingerprint reader software installs a driver that is hiding a directory under "c:windows"". These are invisible through the Windows API.

Files in this directory are also hidden from some antivirus scanners. It is therefore technically possible for malware to use the hidden directory as a hiding place.

To be fair to Sony, F-secure said that the MicroVault software hides this folder to somehow protect the fingerprint authentication from tampering and bypass. MO< "However, we feel that rootkit-like cloaking techniques are not the right way to go here," F-Secure said, here. µ