Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Destover Malware Signed By Stolen Sony Certificate

Posted by Soulskill on from the everything-but-the-kitchen-sink dept.

Trailrunner7 writes: Researchers have discovered a new version of the Destover malware that was used in the recent Sony Pictures Entertainment breaches, and in an ironic twist, the sample is signed by a legitimate certificate stolen from Sony. The new sample is essentially identical to an earlier version of Destover that was not signed. Destover has been used in a variety of attacks in recent years and it's representative of the genre of malware that doesn't just compromise machines and steal data, but can destroy information as well. The attackers who have claimed credit for the attack on Sony have spent the last couple of weeks gradually releasing large amounts of information stolen in the breach, including unreleased movies, personal data of Sony employees and sensitive security information such as digital certificates and passwords. The new, signed version of Destover appears to have been compiled in July and was signed on Dec. 5, the day after Kaspersky Lab published an analysis of the known samples of the malware.

1 of 80 comments (clear)

  1. Here come the certificate flaw deniers....... by Anonymous Coward · · Score: 3, Interesting

    Anyone working in IT will have no doubt come across those who I refer to as the "Certificate Crazies".

    These are people who, when confronted with a security issue of some sort, immediately try to remedy it with certificates.

    They insist on using certs everywhere from ssh authentication to signing apps. If certificates can be used, even if it makes the work unnecessarily awkward or even if it doesn't actually help in any way, they will insist on using certificates.

    And then normal people work around the awkwardness that certificates often bring, rendering them irrelevant.

    In practice, a certificate is nothing more than a long password that's impossible for a normal human to memorize. So it ends up in a file somewhere, if not several "somewheres", where it can be easily stolen. Unlike the password in somebody's head or even on a sticky note behind the monitor, these certificate files can often be stolen remotely!

    Meanwhile, the "Certificate Crazies" deny that this is a problem, even when confronted with stolen certificates that have been misused!

    After railing against passwords for so long, how they do these "Certificate Crazies" often suggest getting around problems with stolen certificates? Why, they recommend using a short, human-friendly password that's needed in order to use the certs!

    These people are a joke.