Sony Using Rootkits Again, F-Secure Charges
It's been nearly two years since Sony got into the rootkit business. Not intentionally, but the DRM installed by Sony BMG CDs when you tried to play them on your PC had rootkit qualities. Not only that, but in a real-life example of the vulnerability, hackers used it to hack World of Warcraft.
Unfortunately, it seems Sony did not learn its lesson.
According to F-Secure Corp., the fingerprint-reader software included with the Sony MicroVault USM-F line of flash drives installs a driver that conceals itself in a hidden directory under "c:\windows". That directory, and the files within it, are not visible through Windows' usual APIs (application programming interfaces), said F-Secure researcher Mika Tolvanen in a posting to the company's blog Monday.
"This isn't the same code, recycled," said Mikko Hypponen, F-Secure's chief research officer, in a telephone interview Monday. "Sony doesn't do any of its own development in this area; it looks like a Chinese company did it. But the similarities lie in the fact that, like the Sony BMG rootkit, this software uses a hidden folder and hides files in it."
More important, he said, is another trait shared by both. "This can be used to hide malware," Hypponen charged.
It seems like once Sony gets out of one mess (the original rootkit), it gets into another (battery recalls), and now another (still another rootkit).