Revealing rootkit to be patched by Sony

Sony addresses USB key flaw

Download intended to fix problem in older models of Microvault USB keys

Written by Dinah Greek

Sony has confirmed that rootkit-type technology was loaded on to some of its memory sticks and said it will be issuing software to address the issue later this month.

The security flaw was discovered by Mika Tolvanen, a researcher at security company F-Secure. He said the software found on the Microvault USB memory key could leave users vulnerable to a malware attack.

The findings, which came to light last week, were also confirmed by McAfee. The concern surrounds the keys' integrated fingerprint reader, whose software creates a hidden directory on the computer's hard drive under the "c:\windows\" directory.

Tolvanen warned the rootkit-like characteristics of this software could be very dangerous. He said it is possible to enter the hidden directory using a Command Prompt and from there create and run new hidden files.

He pointed out that if these new files contain malware, it may not be detected by security software, as some antivirus applications will be unable to access and scan the contents of this directory.

Now Sony has said in a statement: "While relatively small numbers of these models were sold, we are taking the matter seriously and conducting an internal investigation. No customers have reported problems related to the situation to date."

The company also said the issue was limited to "three discontinued models of Sony's line of Microvault USB storage devices with fingerprint authentication capabilities".

Tolvanen agreed the software appeared to be limited to older models no longer manufactured, but said F-Secure research had uncovered devices still on sale with online retailers.

Sony has therefore decided to act to protect users of these keys from possible security breaches.

"While the software at issue was developed by a third-party vendor in conjunction with our outsourced device manufacturer, as a precaution and to alleviate any potential concerns, we will be issuing downloadable software to address the situation by mid-September," the company said.
