Sony MicroVault software has rootkit function
Warnings raised by F-Secure anti-virus have made the vendor aware of a problem with the support software bundled with Sony's MicroVault USM-F USB stick with fingerprint reader. The software hides on the system using rootkit techniques. This is not a first from Sony. In 2005, the Sony-Bertelsmann operated music subsidiary Sony BMG drew attention to itself with a copy protection mechanism for audio CDs that also implanted itself on the computer as a rootkit.
After installation, the fingerprint reader support software hides a subdirectory of C:\Windows\. Malware can also hide in there. Not only the software from the provided CD, but also the updated version from Sony's website install themselves as a rootkit.
The software probably uses its rootkit functions to prevent manipulation of the authentication system – in contrast to the copy protection rootkit, which tried to revoke user access. Apparently the MicroVault USB sticks in question are older products that are no longer being manufactured. Those not reliant on the software should preferably uninstall it, in order to eliminate a hiding place for malware. It is possible that Sony will be releasing an additional version which doesn't use rootkit techniques.
- Double Whammy! Another Sony Case (And it's Not BioShock), blog entry from F-Secure
(mba)