Destover malware found with Sony signature

A sample of the Destover malware, thought to be responsible for the massive corporate breach at Sony, appears to have been digitally signed by the company, according to the security firm Kaspersky Lab.

The signature applied to the sample was dated on December 5, almost two weeks after the attack by the hacking group Guardians of Peace took place, and is said to indicate that certificates have been leaked as part of the attack.

"The stolen Sony certificates (which were also leaked by the attackers) can be used to sign other malicious samples," Kaspersky’s Global Research and Analysis team said.

"In turn, these can be further used in other attacks. Because the Sony digital certificates are trusted by security solutions, this makes attacks more effective."

Unusually the virus also links to two command and control (C&C) servers, which are used by hackers to send instructions to malware, one being based in the US while the other is in Thailand.

Kaspersky has informed several security companies of the problem and hopes that the certificates will be blacklisted soon.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing