To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39168326,00.htm

Sony USB device harbouring "nasty" rootkit
Déjà vu anyone?

By Liam Tung

Published: Monday 03 September 2007

Sony says the rootkit-like behaviour of a device driver used to run its biometric Micro Vault USM-F thumb drive was unintentional.

A Sony Sweden spokesman told local press that sometimes even actions undertaken with "good will" can go wrong.

His comments came the same day that antivirus company McAfee joined a growing chorus of companies criticising Sony for compromising its customers' security. The Micro Vault drive is a USB device featuring fingerprint-reading software intended to add an extra layer of security for PC users. The software needed to be installed on the PC for the USB to work contains the rootkit technology.

The criticism is reminiscent of that directed at Sony BMG Music Entertainment in November 2005, when a programmer revealed that a technique designed to cloak the company's copy-protection software for music CDs also could be used by virus writers to hide malicious software.

McAfee reported that Taiwan's FineArt Technology, which makes encryption software for PCs and laptops, was responsible for creating the offending USB software.

McAfee security specialists Aditya Kapoor and Seth Purdy wrote in a blog: "The authors apparently did not keep the security implications in mind [when designing the installation method]."

Kapoor and Purdy catalogued the incident as one of the worst examples of "nasty rootkits that use blended techniques to hide or protect themselves".

Echoing concerns expressed by another security specialist, F-Secure's Patrik Runald, the McAfee bloggers said the default installation path does nothing to stop malicious-software authors from copying code to a directory of their choice and executing it in that location.

They added that another easy hack for malicious-software authors would be to launch code from their chosen directory and add a start-up entry for the software to ensure it is hidden immediately as the PC boots up.

Sony Australia has not responded to multiple requests for comment.

Liam Tung writes for ZDNet Australia