New contribution from Sony to virii scene

Posted on Thursday, August 30, 2007 in Software, Intellectual property

Do you remember? The infamous case of Sony slipping us a rootkit with some of their audio CDs, which hid files and registry entries beginning with $sys$, even from registry editors and some antivirus products, handing ready-made work to virii, trojans and other malware. The scandal was immediate and the story spread widely, which is why it now sounds so surprising that Sony has tried the same thing again, this time with its USB memory sticks. It was discovered by F-Secure and picked up by McAfee, which expressed its perplexity at Sony tripping over the same stone twice and shows us that this time it is even easier: the user does not even need to install Sony's rootkit for the virii scene to take advantage of it, since this time the rootkit is hidden (at the API layer, of course, so antivirus can't reach it) by an executable file that blocks access to the directory it is executed from. A video demonstrates that executing it in %windir% blocks access to the entire directory, leaving you with a useless Windows (if you'll forgive the repetition).