Menu
Technical evidence links destructive malware to attack against Sony Pictures

Technical evidence links destructive malware to attack against Sony Pictures

The malware contains usernames, passwords and an image associated with Sony Pictures Entertainment, researchers said

The destructive malware program that the FBI alerted some companies about this week was likely used against Sony Pictures Entertainment, according to technical evidence found by researchers in the program's code.

Reports surfaced online Nov. 24 that the computer network of Sony Pictures Entertainment, a U.S.-based subsidiary of Sony, was infiltrated by hackers. The company's employees were reportedly no longer able to use their computers after a message from the attackers, a group called the Guardians of Peace (GOP), was displayed on their screens.

On Monday the FBI sent a confidential five-page alert to a number of private companies about a destructive malware program that can overwrite data on a computer's hard disk drive, including its master boot record that holds information about partitions.

Some security professionals speculated that the malware was used to attack Sony, but the FBI declined to confirm this hypothesis. However, security researchers from Trend Micro and AlienVault obtained samples of the malware described in the FBI warning and found strong evidence that it was used against Sony.

The malware, which Trend Micro detects as BKDR_WIPALL, has several components including diskpartmg16.exe, igfxtrayex.exe and usbdrv32.sys, the Trend Micro researchers said in a blog post Wednesday. The diskpartmg16.exe file is the initial installer and contains a set of encrypted usernames and passwords that are used to access the shared network, they said.

The credentials are intentionally blurred in a screen shot of the malware program's code that was published by Trend Micro, but visible parts show that they're arranged on lines starting with SPE, which likely stands for Sony Pictures Entertainment.

A bitmap image file called walls.bmp that is dropped by the malware on infected systems is an even stronger connection to the company. This file is a wallpaper containing the GOP message that Sony Pictures Entertainment employees reportedly saw on their computers.

Researchers from AlienVault also connected the malware to the attack against SPE.

"From the samples we obtained, we can say the attackers knew the internal network from Sony since the malware samples contain hardcoded names of servers inside Sony's network and even credentials -- usernames and passwords -- that the malware uses to connect to systems inside the network," said Jaime Blasco, director of AlienVault Labs, via email.

Read more: Buyer Beware: Five Cybersecurity Consumer Tips for the Holiday Season

The hackers who compiled the malware used the Korean language on their systems, according to Blasco. Some view this aspect as something that supports the theory that North Korean was behind the attack, but security experts say that is unlikely.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwaresonytrend microintrusionAccess control and authenticationFederal Bureau of InvestigationSony Pictures EntertainmentAlienVault

Featured

Slideshows

Reseller News welcomes industry figures for 2019 Hall of Fame lunch

Reseller News welcomes industry figures for 2019 Hall of Fame lunch

Reseller News welcomed 2018 inductees - Chris Simpson, Kendra Ross and Phill Patton - to the third running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing landscape of the technology industry in New Zealand, while outlining ways to attract a new breed of players to the ecosystem. Photos by Gino Demeer.

Reseller News welcomes industry figures for 2019 Hall of Fame lunch
Upcoming tech talent share insights at inaugural Emerging Leaders Forum 2019

Upcoming tech talent share insights at inaugural Emerging Leaders Forum 2019

The channel came together for the inaugural Reseller News Emerging Leaders Forum in New Zealand, created to provide a program that identifies, educates and showcases the upcoming talent of the ICT industry. Hosted as a half day event, attendees heard from industry champions as keynoters and panelists talked about future opportunities and leadership paths and joined mentoring sessions with members of the ICT industry Hall of Fame. The forum concluded with 30 Under 30 Tech Awards across areas of Sales, Entrepreneur, Marketing, Management, Technical and Human Resources. Photos by Gino Demeer.

Upcoming tech talent share insights at inaugural Emerging Leaders Forum 2019
Show Comments