Thursday, August 30, 2007

Here we go Again, with Sony Rootkits!

Remember the Sony rootkit saga? Yes, the music CDs with hidden programs. You would think that someone would learn from his/her mistakes, but I think Sony has utter disregard for us, or the corporation is filled with dumb nuts. Look at the PS3, a great product, beaten by the Wii and the Xbox. Just to remind you, when the PS2 came out, I could not wait for it to come to the USA; I got one from Japan! I still have not bought a PS3, but I do have a Wii and an Xbox! My first digital camera was a Sony! Now I don't even look at Sony when it comes to cameras. Canon and Olympus, with Casio, fill my camera racks. Believe me, there have been a few digital cameras since that first Sony! I think next time I have to explain what a moron is, I have a good candidate!
So what did Sony do this time?
F-Secure revealed on Monday:
"Hypothetical: Imagine that you visit your local mall and browse around for stuff to buy. And you decide to buy a new CD from your favorite artist and you also buy a brand new cool USB stick thingy on an impulse. You go home and stick the CD into your laptop's CD drive. It prompts you to install some software. You do so and while you are listening to the music, you open the USB stick package and start experimenting with your new toy. It has a fingerprint reader so you install the software for that as well. Guess what… you might have just installed, not one, but two different rootkit-like software on your laptop.

We received a report that our F-Secure DeepGuard HIPS system was warning about a USB stick software driver. The USB stick in question has a built-in fingerprint reader. The case seemed unusual so we ordered a couple of USB sticks with fingerprint authentication. We installed the software on a test machine and were quite surprised to see that after installation our F-Secure BlackLight (which I am running right now just to check, even though I have not bought this USB drive or any SONY CD's) rootkit detector was reporting hidden files on the system."
This new rootkit (which can still be downloaded from can be used by any malware author to hide any folder. We didn't want to go into the details about this in our public postings, but we suppose the cat's out of the bag now that our friends at McAfee blogged about this yesterday. If you simply extract one executable from the package and include it with malware, it will hide that malware's folder, no questions asked.

We still haven't received any kind of response from Sony International. Sony Sweden did however confirm in a public IDG story that the rootkit is indeed part of their software.
