The software’s rootkit-like behavior was unveiled by F-Secure. The company noted that the MicroVault USM-F fingerprint reader software installed a driver that hid a directory under "c:\windows\". If known, the directory could’ve been used to hide certain files from anti-virus applications, including various forms of malware.
Furthermore, it was later discovered that not only the software featured on the USB sticks was acting this way, but also the latest version of the software.
At that time it was thought that this was the software’s way of protecting the fingerprint authentication from being tampered with. The company later confirmed it to be true and blamed the new scandal on the code supplied by a developer from China.
Sony’s first nightmare featuring rootkit technology dates from 2005, when the copyrights protection software installed on the company’s music CDs could’ve been (and, consequently, was) used to open security holes for malware.
Random thought: Sony is a Japanese company. Is "It’s all the Chinese developer’s fault!" the local equivalent of "Blame Canada"?