Sony Manufactures Device Allows Rootkit Installation
Finnish Company F-Secure Corp has warned that a Sony manufactured biometric USB storage device could install files in a hidden Windows directory, allowing hackers to remotely access the user's system.
The USB device named MicroVault USM-F loads onto the system a driver that is free from detection. This driver finds a place in Windows directory under 'c:windows', said F-Secure.
The files in the Windows directory also hide from anti-virus scanners on the basis of techniques the anti-virus program employs. This has been a case with Sony's BMG DRM. Therefore, the malware can technically use the directory to hide itself, Tolvanen posted on the F-Secure blog.
Sony might be intending to prevent compromise of its fingerprint authentication MicroVault software but the immense publicity given to Sony BMG that could allow installation of hidden rootkits in their compact discs might go against the good intentions, Tolvanen said.
Rootkits are common tools for malware writers who employ them to escape detection and elimination of their malicious code by security programs. Originally, the tool allowed attackers to force access to Unix systems at its root, while the owner remained oblivious of it. But today, rootkits act as cloaking technologies.
F-Secure chief research officer, Mikko Hypponen, said that the latest issue didn't in any way resemble the notorious rootkit incident of 2005. Sony never develops anything for itself in this field; it seems a Chinese company engaged in such developments. However, the resemblance lies in the fact that, just like Sony BMG rootkit, this software too makes use of a hidden folder to hide its files, he added. Earthtimes.org published this on August 28, 2007.
It is hoped that the new rootkit would not spread as widely as in the case of Sony, which previously bundled a rootkit on its music CDs, Graham Cluley, senior technology consultant for Sophos said via e-mail. ComputerWeekly.com reported this on August 29, 2007.
Taiwanese developer FineArt Technology Co. was identified as the creator of the fingerprint-reading MicroVault software.
Related article: Some Suggestions to Deter ‘Windows Rot’
» SPAMfighter News - 13-09-2007