Friday, 12 December 2014

Sony Attackers also Stole Certificates to Sign Malware

Security firm Kaspersky Lab reports that a new sample of the Destover malware, the malware family used in the recent attack on the networks of Sony Pictures, has been found bearing a valid digital signature that could help it sneak past security screening on some Windows systems. That digital signature comes courtesy of a certificate stolen from Sony Pictures. The newly discovered variant of the malware was signed on December 5 and is otherwise identical to a version compiled in July. It attempts to connect to two different command-and-control servers, both previously associated with the malware that took down Sony Pictures: one at a university in Thailand and another associated with a business customer of Time Warner Cable in Champlain, New York.


According to a post by Kaspersky Lab’s Global Research and Analysis Team, the malware alternates connection attempts between the two IP addresses, pausing between attempts. The version that was used to spread the “wiper” malware that took down Sony Pictures was compiled just days before that attack and included hard-coded instructions for attacking infrastructure within Sony’s network. The new signed version appears to be a more general-purpose version of the backdoor and could conceivably be part of a botnet toolkit used to deliver other malware. The signature could allow the malware to be installed without being stopped by corporate system management measures such as application whitelisting, especially if it was intended to re-target Sony Pictures’ network for another attack.




Info Source:

http://securelist.com/blog/security-policies/68073/destover-malware-now-digitally-signed-by-sony-certificates


