Another Sony rootkit has emerged via one of its new applications: the Sony MicroVault USM-F fingerprint reader application. The application allows a user to restrict access to files stored on the Sony MicroVault USM-F USB drive through the recognition of user-preset fingerprints.
Once the application is installed, the rootkit is also installed as a driver capable of hiding processes under the Windows folder. The path and files inside the hidden process are therefore not visible to the user. However, the hidden directory can still be accessed from Command Prompt, and new files can be created in it. Files may also be run from that directory. Files may even remain hidden from some antivirus scanners, depending on the capabilities of the antivirus software. With these characteristics and the right stealth tactics, malicious files can be kept in hiding.
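The behaviour described above, a directory that is missing from listings yet still reachable by its path, can be checked by comparing the two views. This is an added example, not code from the original post; the directory names and the `enumerate_dir` parameter are assumptions, and the filtered listing in `demo` only simulates the hiding so the check runs on any system.

```python
import os
import tempfile


def find_hidden_entries(parent, candidates, enumerate_dir=os.listdir):
    """Return the candidate names that resolve by direct path but are
    absent from the enumeration of `parent` (a cross-view mismatch)."""
    # Windows file names are case-insensitive, so compare in lower case.
    listed = {name.lower() for name in enumerate_dir(parent)}
    hidden = []
    for name in candidates:
        path = os.path.join(parent, name)
        # lexists() asks for this exact path; it does not enumerate the parent.
        if os.path.lexists(path) and name.lower() not in listed:
            hidden.append(name)
    return hidden


def demo():
    """Constructed scenario: a listing function that drops one directory,
    standing in for a driver that filters enumeration results."""
    with tempfile.TemporaryDirectory() as parent:
        os.mkdir(os.path.join(parent, "constructed_hidden_dir"))
        os.mkdir(os.path.join(parent, "normal_dir"))

        def filtered_listing(path):
            # Assumption: the hiding only affects directory enumeration.
            return [n for n in os.listdir(path) if n != "constructed_hidden_dir"]

        candidates = ["constructed_hidden_dir", "normal_dir", "absent_dir"]
        return find_hidden_entries(parent, candidates, filtered_listing)


if __name__ == "__main__":
    print(demo())
```

On a real system the candidate names have to come from a vendor advisory, since the post does not give the directory name. A driver that also intercepts direct path lookups would defeat this comparison.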
This is not the first time that Sony products have been used to the advantage of malware authors. In 2005, rootkit technology in the DRM (digital rights management systems) software bundled with Sony CDs was exploited by malicious users. A Trojan took advantage of the fact that the technology masked files with the string $sys$ by dropping the file $sys$drv.exe in the Windows system directory.
The DRM technology, although used to protect Sony’s products, had been considered a big risk by security experts, as malware authors could ride on its coattails. Their suspicions were right at the time.
It is not believed that MicroVaults with the fingerprint reader application are still widely available, but users who may have one or are yet to purchase one should beware of the rootkit, which Trend Micro detects as RTKT_XCP.B.