Rootkits: Sony does it again

Martin Brinkmann
Aug 28, 2007
Updated • Jul 28, 2013
Security
|
3

I would have never thought that a company like Sony would not learn from its mistakes especially after the first rootkit debacle which was a major public relations fiasco for Sony. The first rootkit was placed on several audio CDs that were distributed in 2005 and led to a $6 million settle case in the United States. While the rootkit was intended to make it impossible for customers (albeit ineffectively) to copy music from the CDs it was on, it was effectively used by producers of malware, trojans and spyware to hide their code from antivirus software.

The sentence that always reminds me of how amateurish Sony handled the whole affair went something in the line of "People who don't know what rootkits do should not care about them".

It seems Sony did it again. F-Secure is reporting that Sony is now selling an USB stick - the Sony MicroVault - which installs a hidden folder in c:\windows when installing the USB fingerprint software.

So, when enumerating files and subdirectories in the Windows directory, the directory and files inside it are not visible through Windows API. If you know the name of the directory, it is e.g. possible to enter the hidden directory using Command Prompt and it is possible to create new hidden files. There are also ways to run files from this directory. Files in this directory are also hidden from some antivirus scanners (as with the Sony BMG DRM case) — depending on the techniques employed by the antivirus software. It is therefore technically possible for malware to use the hidden directory as a hiding place.

F-Secure suspects that the hidden folder is used to protect the fingerprint authentication and strongly disagrees that this is the correct way to achieve a protection.

Malware writers can use the hidden folder to place part of or all of the malware in that folder to avoid detection by antivirus software and other security software that may be running on the PC.

I think that Sony made a big mistake in using such a technology again even if it was intended to be of good use for the owner.

Advertisement

Related content

Intel

Microsoft publishes new Registry security mitigation for Intel processors (Spectre)

KeePassXC adds support for Passkeys, improves database import from Bitwarden and 1Password
Malwarebytes 5

First look at Malwarebytes 5.0
RustDoor malware targets macOS users by posing as a Visual Studio Update

RustDoor malware targets macOS users by posing as a Visual Studio Update
keys

KeePass 2.56 released: options search and history improvements
70 million account credentials were leaked in a massive password dump

70 million account credentials were leaked in a massive password dump

Previous Post: «
Next Post: «

Comments

  1. Benóný said on August 29, 2007 at 1:10 pm
    Reply

    “Guru” Sony hasn’t had a good year since 2004 or 2005 :|

  2. The Guru said on August 29, 2007 at 5:35 am
    Reply

    Sony is not having a good year…

  3. Tobey said on August 28, 2007 at 8:48 pm
    Reply

    Oh they obviously screwed up again.

    How many more times… :-\

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.

Advertisement

Spread the Word

Advertisement

Hot Discussions

Advertisement

Recently Updated

Latest from Softonic

Advertisement

About gHacks

Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.

The name and logo of Ghacks are copyrights or trademarks of SOFTONIC INTERNATIONAL S.A.
Copyright SOFTONIC INTERNATIONAL S.A. © 2005- 2024 - All rights reserved