Thursday, 11 December 2014

Destover malware signed with Sony certificate

A new variant of the dangerous malware that attackers deployed against Sony Pictures Entertainment has been discovered, and it is signed with a digital certificate belonging to the company, researchers report. It is the "Destover" malware, which was also used last year against South Korean banks and television companies. On infected computers the malware steals data and then removes all files, leaving the machines unusable.

During the attack on Sony, the attackers captured and published the private keys that the company used to sign files with a digital certificate. However, these keys can also be used to sign malware, which can then be used in further attacks, according to anti-virus firm Kaspersky Lab. The Destover variant they discovered was signed on 5 December. Because Sony certificates are trusted by security software, this makes the attack effective. The digital certificate has been revoked, certificate authority DigiCert announced via Twitter.

Security researcher Colin Keigher says via Twitter that this is a "joke" among security researchers. A researcher who requested anonymity had found the certificate and discovered that the password was the file name. This researcher then signed the Destover malware with the Sony certificate and uploaded it to VirusTotal, from where it eventually landed at Kaspersky Lab.

