Sony USB rootkit fiasco a lot of hot air

August 29, 2007

By now you have probably already heard about a new Sony rootkit that comes bundled with the Sony Micro Vault (a USB drive with fingerprint scanning capabilities).

It is important to note that this "rootkit" is not nearly as severe as the 2005 Sony BMG rootkit. Anti-virus company F-Secure presents an excellent list of reasons explaining the differences between the Sony USB Rootkit and the Sony BMG Music Rootkit.

Furthermore the three Sony Micro Vault models that employ the fingerprint-scanning technology are no longer being manufactured. Those were part of the USM-F product line, which was discontinued last year.1,2

In the aftermath of the Sony BMG rootkit scandal, there were at least 15 class action lawsuits filed against Sony in several U.S. states, and over half a million networks, including military and government sites, were thought to have been infected by the rootkit (a world map showing those infected nodes can be seen here).3,4




1. "Sony's Spyware Strikes Back", Forbes, August 29, 2007

2. "Rootkit woes for Sony again?", CNET, August 28, 2007

3. "Researchers Root Out New Sony Rootkit", TechNewsWorld, August 28, 2007

4. "Sony Numbers Add Up to Trouble", Wired, November 15, 2005