Glide Underground

Yet Another Sony Rootkit?

Date: Aug 27, 2007 - 12:02 PM
F-Secure have caught yet another Sony product slipping rootkits around - this time it's the Sony MicroVault memory stick, which uses rootkit techniques to hide something from the OS...

The Sony MicroVault USM-F fingerprint reader software that comes with the USB stick installs a driver that is hiding a directory under "c:\windows\". So, when enumerating files and subdirectories in the Windows directory, the directory and files inside it are not visible through Windows API. If you know the name of the directory, it is e.g. possible to enter the hidden directory using Command Prompt and it is possible to create new hidden files. There are also ways to run files from this directory. Files in this directory are also hidden from some antivirus scanners (as with the Sony BMG DRM case) - depending on the techniques employed by the antivirus software. It is therefore technically possible for malware to use the hidden directory as a hiding place.

In addition to the software that was packaged with the USB stick, we also tested the latest software version available from Sony at and this version also contains the same hiding functionality.
One would think Sony would be learning that they can't get away with this, by now.
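
The behaviour F-Secure describes, a directory that is missing from enumeration yet reachable by its exact name, is what a cross-view check looks for. The Python below is an added example, not code from F-Secure, Sony or this site; the directory names are constructed placeholders (the page does not name the hidden directory) and the hiding driver is simulated by a filtered lister.

```python
import os
import tempfile


def enumerated_names(parent, lister=os.listdir):
    """Names reported when listing `parent` (the view a hiding driver filters).
    Case-folded because Windows paths are case-insensitive."""
    return {name.casefold() for name in lister(parent)}


def cross_view_hidden(parent, candidates, lister=os.listdir, probe=os.path.isdir):
    """Return candidate names that open by exact path but are absent from the listing."""
    listed = enumerated_names(parent, lister)
    hidden = []
    for name in candidates:
        path = os.path.join(parent, name)
        # View 2: direct access by name, which the page says still works.
        if probe(path) and name.casefold() not in listed:
            hidden.append(name)
    return hidden


def filtering_lister(hidden_name):
    """Constructed stand-in for a hiding driver: drops one name from listings."""
    def lister(parent):
        return [n for n in os.listdir(parent)
                if n.casefold() != hidden_name.casefold()]
    return lister


def demo():
    """Run the check on a constructed directory tree, unfiltered and filtered."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("system32", "placeholder_hidden_dir"):  # constructed names
            os.mkdir(os.path.join(root, name))
        candidates = ["system32", "placeholder_hidden_dir", "not_present"]
        clean = cross_view_hidden(root, candidates)
        filtered = cross_view_hidden(
            root, candidates, lister=filtering_lister("placeholder_hidden_dir"))
        return clean, filtered


if __name__ == "__main__":
    print(demo())
```

On a real host the candidate list would come from a source the driver does not filter, such as vendor documentation or an offline scan of the same disk.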
