The Highlander
Posted August 29, 2007

Sony Goes “Back to the Rootkit”

It’s been nearly two years since Sony got into the rootkit business. Not intentionally, but the DRM installed by Sony BMG CDs when you tried to play them on your PC had rootkit qualities. Not only that, but in a real-life example of the vulnerability, hackers used it to hack World of Warcraft.

Unfortunately, it seems Sony did not learn its lesson. Security company F-Secure charged Monday that the Sony MicroVault USM-F line of USB flash drives installs files in a hidden folder that can be accessed and used by hackers - once again, much as a rootkit.

The product installs a driver that hides in a hidden directory under “c:\windows”. The reason the directory is cloaked is a good one - the drives include fingerprint security and the authentication files are hidden to prevent tampering. While that’s all fine, the fact that the folder can be used by a resourceful hacker is very similar to the earlier fiasco.

In a post on F-Secure’s blog, Mikko Hypponen, F-Secure’s chief research officer, said:

The Sony MicroVault USM-F fingerprint reader software that comes with the USB stick installs a driver that is hiding a directory under “c:\windows\”. So, when enumerating files and subdirectories in the Windows directory, the directory and files inside it are not visible through Windows API. If you know the name of the directory, it is e.g. possible to enter the hidden directory using Command Prompt and it is possible to create new hidden files. There are also ways to run files from this directory. Files in this directory are also hidden from some antivirus scanners (as with the Sony BMG DRM case) — depending on the techniques employed by the antivirus software. It is therefore technically possible for malware to use the hidden directory as a hiding place.

We Say: What’s that old saying? “Those who cannot remember the past are condemned to repeat it.” Here we go again.
Read it here: http://www.realtechnews.com/posts/4770