January 7, 2015
US-CERT has released an advisory regarding the sophisticated malware used in the attack on Sony Pictures. According to the advisory, the attackers used a Server Message Block (SMB) Worm Tool to disrupt the company’s infrastructure. The tool is equipped with five components, including a listening implant, a lightweight backdoor, a proxy tool, a destructive hard drive tool and a destructive target cleaning tool.
According to a SecurityWeek article: “The SMB worm propagates through an infected network via brute-force authentication attacks, and connects to a command and control (C2) infrastructure with servers located in Thailand, Poland, Italy, Bolivia, Singapore and the United States.”
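Brute-force propagation of the kind described above leaves a trail of failed network logons on every host it touches. The following is an added defensive illustration, not code from the advisory or the article: it runs a sliding-window count over a constructed sample of Windows Security events (4625 failed logon, 4624 successful logon, LogonType 3 for network logons such as SMB) and flags sources that fail repeatedly, then reports any account such a source later authenticated as. The flattened log format, thresholds and IP addresses are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Windows Security events, one per line
# (4625 = failed logon, 4624 = success; LogonType 3 = network, e.g. SMB).
SAMPLE_EVENTS = """\
2015-01-07T10:00:01 4625 LogonType=3 Src=10.0.0.23 User=admin
2015-01-07T10:00:02 4625 LogonType=3 Src=10.0.0.23 User=backup
2015-01-07T10:00:03 4625 LogonType=3 Src=10.0.0.23 User=sql_svc
2015-01-07T10:00:04 4625 LogonType=3 Src=10.0.0.23 User=administrator
2015-01-07T10:00:05 4625 LogonType=3 Src=10.0.0.23 User=helpdesk
2015-01-07T10:00:06 4624 LogonType=3 Src=10.0.0.23 User=helpdesk
2015-01-07T10:00:30 4625 LogonType=3 Src=10.0.0.77 User=jsmith
2015-01-07T10:05:00 4625 LogonType=3 Src=10.0.0.77 User=jsmith
2015-01-07T10:00:40 4625 LogonType=2 Src=10.0.0.90 User=alice
"""

def parse_events(text):
    """Parse the flattened format above into dicts keyed by field name, time-ordered."""
    events = []
    for line in text.splitlines():
        ts, event_id, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        events.append({"ts": datetime.fromisoformat(ts), "id": event_id, **kv})
    return sorted(events, key=lambda e: e["ts"])

def detect_smb_bruteforce(events, threshold=5, window_seconds=60):
    """{src: users tried} for sources with >= threshold failed network logons in any window."""
    failures = defaultdict(list)
    for ev in events:
        if ev["id"] == "4625" and ev["LogonType"] == "3":
            failures[ev["Src"]].append(ev)
    alerts, window = {}, timedelta(seconds=window_seconds)
    for src, evs in failures.items():
        start = 0
        for end in range(len(evs)):  # sliding window over time-ordered failures
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[src] = sorted({e["User"] for e in evs[start:end + 1]})
                break
    return alerts

def success_after_bruteforce(events, alerts):
    """First account each alerted source authenticated as over the network: likely compromised."""
    hits = {}
    for ev in events:
        if ev["id"] == "4624" and ev["LogonType"] == "3" and ev["Src"] in alerts:
            hits.setdefault(ev["Src"], ev["User"])
    return hits
```

The interactive (LogonType 2) failure and the two widely spaced failures from 10.0.0.77 fall below the default threshold, while 10.0.0.23 is flagged and its subsequent success as helpdesk is reported.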
An organization infected with this malware could experience operational impacts, including loss of intellectual property and disruption of critical systems.
Users and administrators are advised to take preventive measures, such as using and maintaining anti-virus software, keeping software up to date, reviewing security tips for handling destructive malware, and reviewing recommended practices for control systems that apply defense-in-depth strategies.