Inside the “wiper” malware that brought Sony Pictures to its knees

An FBI “Flash” released earlier this week provides a fascinating window into the recent super-hacking attack that could be considered a harbinger of next-generation cyber-crime and cyber-warfare.

“The malware used in the attack, which has been described by a Sony spokesperson as “very sophisticated,” is almost certainly the same as that identified in the FBI memo. That malware uses Microsoft Windows’ own management and network file sharing features to propagate, shut down network services, and reboot computers—and files named for key Windows components to do most of the dirty work of communicating with its masters and wreaking havoc on the systems it infects.

While the FBI memo provided a means to detect the “beacon” message used by the malware to communicate back to the command and control (C&C) servers used by the attackers who planted it, that information by itself may not protect targeted organizations. That’s because the malware only begins to broadcast back to the C&C servers once it’s been launched—and deletion of data on the targeted network has already begun.”

Read the entire article at Ars Technica.
