And they say lightning never strikes twice…
Yesterday the news sites picked up on the story of a possible rootkit on a Sony USB fingerprint device. Those of us who were in the business two years ago remember the last time this happened, when a rootkit on a music CD was used to protect intellectual property (see here).
The Micro Vault device does not immediately appear to be available outside North America, and Sony says it is no longer sold. However, with multiple labs round the world, we were able to dispatch an analyst to take their coffee break in downtown Vancouver, go to the shops and locate a device. What followed was the usual techie desire to pull it apart (maybe he should have bought two).
What we can tell you is that, in an attempt to protect intellectual property, the device does install a rootkit onto the hard drive in a folder, and it stealths itself and the folder so that neither can be seen by normal means. Sadly, this does mean that any malware placed in that folder will not be visible through normal means either. This is the fundamental problem with using rootkit technology, as was shown with Troj/Stinx-E in 2005.
We will provide detection for the rootkit as a Potentially Unwanted Application. In the meantime, if you are concerned that your system has had this installed in the past, you can use Sophos Anti-Rootkit, which has always been able to detect this particular rootkit.
Posted on August 29th, 2007 by Stuart Taylor, Manager SophosLabs UK
Filed under: General, Malware