Code-signing certificate revoked in wake of discovery
By Iain Thomson, 10 Dec 2014
EXCERPT
These certificates were apparently taken from Sony Pictures servers, which were comprehensively ransacked by hackers at the end of November, and leaked online.
It's believed the infiltrators used a version of Destover to attack Sony's network. And it appears the stolen digital certs were used to sign another build of Destover on Friday, which then ended up in the wild over the weekend.
When Windows examines an executable, it looks to see if the program has been signed by a recognized, trusted developer before running the code. As far as the operating system was concerned, the signed Destover was legit.
"The stolen Sony certificates (which were also leaked by the attackers) can be used to sign other malicious samples," Kaspersky warned on Tuesday.