Wednesday, August 29, 2007

I still haven't collected on the last rootkit scandal

Of course we bought CDs that had the Sony rootkit on them. Luckily I don't have a MicroVault which has the newest rootkit on it!
From Reuters here:

Software included with high-end memory sticks sold by Sony Corp can make personal computers vulnerable to attack by computer hackers, according to researchers with two Internet security firms.

Sony’s MicroVault USB memory stick and fingerprint reader includes software that creates a hidden directory on the computer’s hard drive, researchers with Finnish security software maker F-Secure Corp reported on the company’s blog on Monday.

Such software that hides itself, which is known as a root kit, leaves room for hackers to secretly infect personal computers, they said.

F-Secure’s blog posting said it attempted to contact Sony before alerting the public about the software, but the company had not replied.

On Tuesday, researchers with McAfee Inc. said they had confirmed the vulnerability described by F-Secure.

“The apparent intent was to cloak sensitive files related to the fingerprint verification feature included on the USB drives,” said McAfee spokesman Dave Marcus. “However, software creators apparently did not keep the security implications in mind. The application could be used to hide arbitrary software, including malicious software.”

This is not the first time F-Secure has found Sony software installing hidden directories on the drives of its customers. In 2005 there was a similar situation involving the electronics maker’s digital rights management software, security experts say.

On F-Secure’s blog today, the security group confirms that the rootkit can be used by malware authors to hide any file folder.

This new rootkit (which can still be downloaded from can be used by any malware author to hide any folder. We didn’t want to go into the details about this in our public postings, but we suppose the cat’s out of the bag now that our friends at McAfee blogged about this yesterday. If you simply extract one executable from the package and include it with malware, it will hide that malware’s folder, no questions asked.

Nested quoted quotes! :)

Thanks to Pat who passes me some tasty geekery.


BelchSpeak said...

Hee, you're welcome, Poppy. I've been sitting back all afternoon going over purchase orders for our org looking to see if anyone bought one of these gizmos- nothing so far, but I have a big shop.

McAfee blogged that if you take a single executable from the software pack and drop it into the system32 dir, it makes Windows stop working because it hides the folder. DOS much?

Poppy Cede said...

YAR! LOVE IT when DOS saves the day!

My years of command line are so totally worth it. Love the command line...

*clappy hands*

Avitable said...

You'd think Sony would have learned by now.