The included fingerprint-reader software in Sony's MicroVault USM-F line of USB drives installs files in a hidden folder under "c:windows" that can be used maliciously, Finnish security company F-Secure has found. That directory and the files within it are not visible through Windows' usual APIs. "[But] if you know the name of the directory, it is possible to enter the hidden directory using [the] Command Prompt, and it is possible to create new hidden files. There are also ways to run files from this directory," said F-Secure researcher Mika Tolvanen. F-Secure has not yet received a reply from Sony when the security company notified them about a month ago that its rootkit-sniffing software, BlackLight, had reported hidden files on a system with the MicroVault software.
Just like in the Sony BMG rootkit case in late 2005, the directory goes unspotted by some antivirus scanners. Then, researchers spotted rootkit-like cloaking technologies used by the copy-protection software Sony BMG Music Entertainment installed on PCs when customers played the label's audio CDs. "Sony doesn't do any of its own development in this area; it looks like a Chinese company did it," said Mikko Hypponen, F-Secure's chief research officer. Less than two weeks after the first reports of Sony's mishap, new Trojan horses used Sony's code to hide from security software. The MicroVault software is cloaking the folder for good reason: to protect the fingerprint reader's authentication files from being tampered with or circumvented. "What's not justified is that others can use this folder," said Hypponen.
News source: InfoWorld