Menu
More rootkits found on Sony USB drives

More rootkits found on Sony USB drives

A second line of USB drives sold by Sony using rootkit tactics to hide files has been identified, and the devices' software remains on the web, a researcher said Thursday.

Hackers using just one of the package's files can mask their attack code from some security scanners, said Mikko Hypponen, chief research officer at Helsinki, Finland-based F-Secure. "This new rootkit [which can still be downloaded] can be used by any malware author to hide any folder."

On Monday, F-Secure announced that the fingerprint-reader software included with Sony's MicroVault USM-F flash drives stores files in a hidden directory that could be used by hackers to cloak their malicious code. F-Secure noted that the USM-F models were difficult, but not impossible to find. Sony has since confirmed that the line has been discontinued.

But its replacement, the USM512FL, is widely available, and shares the rootkit-like techniques of its predecessor. "They have the same functionality in the latest as well," Hypponen claims.

Sony has removed the download links for the USM-F and USM512FL software from its MicroVault support site, but it is possible to locate a live link -- and download the software -- by searching through Google's cache.

Since F-Secure disclosed Sony's newest rootkit snafu, several other research teams have confirmed the company's findings. On Tuesday, McAfee analysts agreed that hackers could use one of the executable files in the USB drive software to hide any folder, and all the files in that folder, from the prying eyes of security scanners. "Alternately, [attackers] could simply hide their malicious creations in the default installation directory itself," McAfee researchers Aditya Kapoor and Seth Purdy said in a post to the Avert Labs' blog.

U.K.-based Sophos PLC also confirmed the presence of rootkit technologies in the FineArt-created software bundled with the MicroVault drives.

Sony, meanwhile, was still looking into the claims as of late Wednesday, said spokesman Tom Di Nome, who had little to share. "We are still investigating this and are taking the issue very seriously," he said.

In a blog posting Thursday morning, F-Secure's Hypponen stressed that while the MicroVault and Sony BMG cases are similar, this newest security breakdown is not as flagrant. "The fingerprint driver does not hide its folder as 'deeply' as does the XCP [the rootkit-style software developed by Fortium Technologies for use by Sony BMG] folder," said Hypponen. "The MicroVault software probably wouldn't hide malware as effectively from [some] real-time antivirus scanners."


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags rootkitsony usb drives

Featured

Slideshows

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

New Zealanders kick-started EDGE 2018 with a bout of Super Rugby before a dedicated New Zealand session, in front of more than 50 partners, vendors and distributors on Hamilton Island.‚Äč

EDGE 2018: Kiwis kick back with Super Rugby before NZ session
EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018 kicked off with a dedicated New Zealand track, highlighting the key customer priorities across the local market, in association with Dell EMC. Delivered through EDGE Research - leveraging Kiwi data through Tech Research Asia - more than 50 partners, vendors and distributors combined during an interactive session to assess the changing spending patterns of the end-user and the subsequent impact to the channel.

EDGE 2018: Kiwis assess key customer priorities through NZ research
Show Comments