Earlier this week, it was reported that the a variant of the Destover malware used in the Sony attack had been signed with one of Sony's own certificates and was circulating in the wild. However, it was later discovered that this was not true. The malware was signed by a researcher who found the certificate in a dump of Sony data. The researcher then signed the malware with the certificate and uploaded it to VirusTotal, perhaps to check the number of antivirus software variants that detected the newly signed malware file.
|VirusTotal, not good for OPSEC|