The highly destructive malware believed to have hit the networks of Sony Pictures Entertainment contained a cocktail of malicious components designed to wreak havoc on infected networks, according to new technical details released by federal officials who work with private sector security professionals.

An advisory published Friday by the US Computer Emergency Readiness Team said the central malware component was a worm that propagated through the Server Message Block protocol running on Microsoft Windows networks. The worm contained brute-force cracking capabilities designed to infect password-protected storage systems. It acted as a "dropper" that then unleashed five components. The advisory, which also provided "indicators of compromise" that can help other companies detect similar attacks, didn't mention Sony by name. Instead, it said only that the potent malware cocktail had targeted a "major entertainment company." The FBI and White House have pinned the attack directly on North Korea, but so far have provided little proof.

"This worm uses a brute force authentication attack to propagate via Windows SMB shares," Friday's advisory stated. "It connects home every five minutes to send log data back to command and control (C2) infrastructure if it has successfully spread to other Windows hosts via SMB port 445. The tool also accepts new scan tasking when it connects to C2."

The additional components spread by the dropper worm included a listening implant, a lightweight backdoor, a proxy tool, a destructive hard drive tool, and a destructive target cleaning tool. The malware can also self-propagate across a targeted network by way of built-in Windows shares.
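Two detection heuristics that follow from the behaviour described above, brute-force SMB fan-out on port 445 and a fixed five-minute check-in to C2, written here as an added example and not taken from the advisory. The flow-record layout, the 10.0.0.0/8 internal range, the sample records and the thresholds are all constructed assumptions.

```python
"""Heuristics for two behaviours in the advisory: SMB brute-force spread
(one host failing authentication against many peers on port 445) and
fixed-interval C2 check-ins (roughly every five minutes)."""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

INTERNAL_NET = ip_network("10.0.0.0/8")  # assumed internal address range

# Constructed sample records: (src, dst, dst_port, epoch_seconds, auth_ok).
# auth_ok is None where the log carries no authentication result.
FLOWS = [("10.0.0.5", f"10.0.0.{n}", 445, 60 + 2 * n, False) for n in range(10, 22)]
FLOWS += [("10.0.0.5", "10.0.0.12", 445, 130, True)]              # one success
FLOWS += [("10.0.0.5", "203.0.113.7", 80, t, None) for t in (0, 300, 598, 902, 1201)]
FLOWS += [("10.0.0.8", "10.0.0.9", 445, t, True) for t in (100, 700, 1300)]
FLOWS += [("10.0.0.8", "198.51.100.2", 443, t, None) for t in (50, 110, 900, 1000)]


def find_smb_bruteforce(flows, min_targets=8, min_failures=8):
    """Return {src: (distinct_targets, failed_logons)} for hosts whose SMB
    authentication failures fan out across many peers, i.e. worm-like spread."""
    stats = defaultdict(lambda: [set(), 0])
    for src, dst, port, _, auth_ok in flows:
        if port == 445 and auth_ok is False:
            stats[src][0].add(dst)
            stats[src][1] += 1
    return {s: (len(t), f) for s, (t, f) in stats.items()
            if len(t) >= min_targets and f >= min_failures}


def find_beacons(flows, period=300, jitter=15, min_hits=4):
    """Return [(src, dst)] internal-to-external pairs whose connections recur
    at roughly `period` seconds, matching the advisory's five-minute check-in."""
    times = defaultdict(list)
    for src, dst, _, ts, _ in flows:
        if ip_address(src) in INTERNAL_NET and ip_address(dst) not in INTERNAL_NET:
            times[(src, dst)].append(ts)
    hits = []
    for pair, ts in times.items():
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        # Require enough samples, a mean gap near the period and low spread.
        if (len(gaps) + 1 >= min_hits and abs(mean(gaps) - period) <= jitter
                and pstdev(gaps) <= jitter):
            hits.append(pair)
    return hits


if __name__ == "__main__":
    print("SMB brute-force sources:", find_smb_bruteforce(FLOWS))
    print("Beaconing pairs:", find_beacons(FLOWS))
```

Real deployments would feed this from firewall or NetFlow exports and Windows logon-failure events rather than an in-memory list, and tune `jitter` to the sampling resolution of those sources.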

The details are mostly of interest to IT administrators and security people responsible for maintaining and defending the networks of large organizations. The advisory included cryptographic hash digests of each malware component, the IP addresses of outside servers infected machines connect to, and other signs of compromise. The release also included recommendations other US companies should follow to prevent sustaining the same catastrophic attack. The recommendations, however, largely consisted of general advice such as running antivirus software, installing security updates in a timely fashion, and enforcing strong password policies, things all organizations should already have been doing.

"Because of the highly destructive functionality of the malware, an organization infected with the malware could experience operational impacts including loss of intellectual property (IP) and disruption of critical systems," US CERT stated. "Actual impact to organizations may vary depending on the type and number of systems impacted."