TrendLabs Malware Blog - Trend Micro

    Another Sony rootkit has emerged via one of its new applications: the Sony MicroVault USM-F fingerprint reader application. The application allows a user to restrict access to files stored on the Sony MicroVault USM-F USB drive through the recognition of user-preset fingerprints.

    Once the application is installed, this rootkit is also installed as a driver capable of hiding processes under the Windows folder. The path and files inside the hidden process are therefore not visible to the user. However, the hidden directory can still be accessed from the Command Prompt, new files can be created in it, and files can be run from it. Files may even remain hidden from some antivirus scanners, depending on the capabilities of the antivirus software. With these characteristics and the right stealth tactics, malicious files can be kept in hiding.

    This is not the first time that Sony products have been used to the advantage of malware authors. In 2005, rootkit technology in the DRM (digital rights management) software bundled with Sony CDs was exploited by malicious users. The technology masked files with the string $sys$, and a Trojan took advantage of this by dropping the file $sys$drv.exe in the Windows system directory.

    The DRM technology, although used to protect Sony’s products, had been considered a big risk by security experts, as malware authors could ride on its coattails. And their suspicions were right at the time.

    MicroVaults with the fingerprint reader application are not believed to be still widely available, but users who have one or have yet to purchase one should beware of the rootkit, which Trend Micro detects as RTKT_XCP.B.
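Because the driver hides content from a running system and some scanners may not see it, a defender can compare a listing taken on the live system with a listing of the same volume taken offline (for example, with the disk mounted on a clean machine). The following is an added example, not code from Trend Micro or Sony; the listings are constructed and the directory and file names other than $sys$drv.exe are placeholders.

```python
from pathlib import PureWindowsPath

CLOAK_MARKER = "$sys$"  # string the 2005 DRM software masked, per the article

def _norm(path):
    # Windows paths compare case-insensitively; unify separators as well.
    return PureWindowsPath(path).as_posix().lower()

def cross_view_diff(live_listing, offline_listing):
    """Entries the offline view has but the live view lacks, collapsed so a
    hidden directory is reported once instead of once per file inside it."""
    live = {_norm(p) for p in live_listing}
    missing = sorted({_norm(p) for p in offline_listing} - live)
    roots = []
    for path in missing:  # a directory sorts before anything beneath it
        if not any(path.startswith(root + "/") for root in roots):
            roots.append(path)
    return roots

def cloaked_names(listing):
    """Paths with a component carrying the $sys$ marker."""
    return [p for p in listing
            if any(CLOAK_MARKER in part.lower()
                   for part in PureWindowsPath(p).parts)]

# Constructed sample data; directory and file names are placeholders.
LIVE = [r"C:\Windows\explorer.exe", r"C:\WINDOWS\System32\kernel32.dll"]
OFFLINE = [
    r"C:\Windows\explorer.exe",
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Windows\HIDDEN_DIR_PLACEHOLDER",
    r"C:\Windows\HIDDEN_DIR_PLACEHOLDER\driver_placeholder.sys",
    r"C:\Windows\HIDDEN_DIR_PLACEHOLDER\dropped_placeholder.exe",
    r"C:\Windows\System32\$sys$drv.exe",
]

if __name__ == "__main__":
    for path in cross_view_diff(LIVE, OFFLINE):
        print("hidden from live view:", path)
    for path in cloaked_names(OFFLINE):
        print("carries cloak marker:", path)
```

Anything reported by the diff exists on disk but was filtered out of the live view, which is the behaviour a hiding driver produces; the marker check only works on the offline listing, since cloaked names never appear in the live one.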











     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice