Many people remember the whole fiasco with Sony in regards to them putting rootkits on a variety of music CD’s which automatically installed themselves when people use the CD’s in their computer. You would think that Sony would have learned from this incident, but I guess they didn’t. Recently, they started selling a line of USB drives that do a similar thing as the CD’s: once inserted into your computer, they will install hidden files onto your computer. The files are even created in a directory called c:indows. Hmmm…. c:indows, C:\Windows; what are they trying to do here? One thing is for sure, I have definitely lost some of my trust with Sony products.

A line of USB drives sold by Sony Electronics Inc. installs files in a hidden folder that can be accessed and used by hackers, a Finnish security company charged today, raising the specter of a replay of the fiasco that hit Sony’s music arm two years ago when researchers discovered that its copy protection software used rootkit-like technologies.

According to F-Secure Corp., the fingerprint-reader software included with the Sony MicroVault USM-F line of flash drives installs a driver that hides in a hidden directory under “c:indows”. That directory, and the files within it, are not visible through Windows’ usual application programming interface, said F-Secure researcher Mika Stahlberg in a posting to the company’s blog today.

“[But] if you know the name of the directory, it is possible to enter the hidden directory using [the] command prompt, and it is possible to create new hidden files,” said Stahlberg. “There are also ways to run files from this directory.”[more]

Tags: Malware