View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 10, 2014

Destover malware found with Sony signature

New samples indicate digital certificates have been leaked, says Kaspersky Lab.

By Jimmy Nicholls

A sample of the Destover malware, thought to be responsible for the massive corporate breach at Sony, appears to have been digitally signed by the company, according to the security firm Kaspersky Lab.

The signature applied to the sample was dated on December 5, almost two weeks after the attack by the hacking group Guardians of Peace took place, and is said to indicate that certificates have been leaked as part of the attack.

"The stolen Sony certificates (which were also leaked by the attackers) can be used to sign other malicious samples," Kaspersky’s Global Research and Analysis team said.

"In turn, these can be further used in other attacks. Because the Sony digital certificates are trusted by security solutions, this makes attacks more effective."

Unusually the virus also links to two command and control (C&C) servers, which are used by hackers to send instructions to malware, one being based in the US while the other is in Thailand.

Kaspersky has informed several security companies of the problem and hopes that the certificates will be blacklisted soon.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.