The utilities were discovered as Damballa was investigating a new version of the “Destover” malware, which rendered thousands of computers unusable at Sony after attackers stole gigabytes of sensitive company information.
One key question in the Sony breach is how the attackers were able to evade security systems. What Damaballa found are two utilities that help mask new files introduced to a system.