Rootkit Me One More Time

By Jimmy Daniels
Contributing Writer, RealTechNews

Sony, Sony, Sony. When celebs are mentioned having this many problems with something, it’s usually followed by a stay at some sort of rehab, so, Sony needs to check into the Rootkit Rehab Center closest to their headquarters. Yes, Sony and Rootkits once again in the same sentence. At least they admit to it, but it was another third party app, like the CD DRM rootkit fiasco awhile back.

The cloaking is most likely used to protect fingerprint authentication from tampering. Sony is attempting to protect the user’s own data. In the DRM case, Sony was attempting to restrict you – the user – from accessing the music on the CD you bought. So their intent was more beneficial to the consumer in this case.

However – this new rootkit (which can still be downloaded from sony.net) can be used by any malware author to hide any folder. We didn’t want to go into the details about this in our public postings, but we suppose the cat’s out of the bag now that our friends at McAfee blogged about this yesterday. If you simply extract one executable from the package and include it with malware, it will hide that malware’s folder, no questions asked.

We still haven’t received any kind of response from Sony International. Sony Sweden did however confirm in a public IDG story that the rootkit is indeed part of their software. Source: F-Secure

We Say: I couldn’t find the software on their site, so that is something, unless I just over looked it and it may be easier to just buy one locally to get the software. In this video below, McAfee demonstrates how all you have to do is drop one program into any folder to hide it completely. It will be interesting to see how many malware writers grab and use this program.

Sony’s USB software rootkit

Posted to Video Tutorials by eubeenhadd on September 03, 2007

Click to Play | View Details