Damballa finds tools related to the malware that hit Sony

Security company Damaballa said it has found two utilities that are closely related to capabilities seen in the destructive malware that hit Sony Pictures Entertainment last year.

The utilities were discovered as Damballa was investigating a new version of the “Destover” malware, which rendered thousands of computers unusable at Sony after attackers stole gigabytes of sensitive company information.

One key question in the Sony breach is how the attackers were able to evade security systems. What Damaballa found are two utilities that help mask new files introduced to a system. 

“Both utilities would be used during an attack to evade detection while moving laterally through a network to broaden the attack surface,” wrote senior threat researchers Willis McDonald and Loucif Kharouni, in a blog post on Wednesday.

To read this article in full or to leave a comment, please click here

Read more: Damballa finds tools related to the malware that hit Sony

Story added 19. November 2015, content source with full text you can find at link above.