F-Secure finds malware signed with stolen digital certificate
- 15 November, 2011 03:24
- Comments
Researchers from security vendor F-Secure have spotted a rare malicious software sample that carried a valid code-signing certificate from a Malaysian governmental institution.
A code-signing certificate is a kind of digital signature that ensures the authenticity and integrity of an application to be run on a computer. Malicious software programs often present fake digital signatures, but ones that are legitimate and attached to malware are rare, said Mikko Hypponen, chief research officer for F-Secure.
The certificate was signed by "anjungnet.mardi.gov.my," which is part of Malaysia's Agricultural Research and Development Institute. Hypponen said F-Secure contacted the organization, which then found that a Windows server responsible for generating the certificates had been hacked.
The organization said it was unsure how long the server may have been compromised, Hypponen said.
Hypponen said the malware using the certificate was a "backdoor," or an application that can steal information or download other programs to an infected machine. The malware was distributed by a PDF file that had been rigged to exploit a vulnerability in Adobe's Reader 8 application.
Obtaining the secret key isn't enough to generated a code-signing certificate, Hypponen said. An attacker would also have to know a password in order to generate a certificate. He said that could have been obtained by infecting one of the organization's computers with a keylogging program.
It is quite rare for malware to have a valid certificate, although the one associated with this malware is no good now since it expired at the end of September. Nonetheless, since the discovery, the secret key used to generate the certificate has been revoked.
Other components of the malware were also digitally signed, though not by the Malaysian government entity. Hyponnen said the other components were signed by "esupplychain.com.tw," an unknown entity.
Send news tips and comments to jeremy_kirk@idg.com
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Bookmark this page
- Share this article
- Got more on this story? Email CIO
- Follow CIO on twitter
- Consolidating Applications with Oracle Solaris Containers
- Eight threats your antivirus won’t stop - Why you need endpoint security
- Stella Travel Services embarks on a strategic refresh of print operations
- Work Life Web 2011
- Developing an Information Strategy - Strategize, Align, Govern, Execute, and Optimize
-
Apple aims iPads at High Schools
-
Face Time - Interview with John Brennan and Robert DiStefano
-
Google Jumps Into Social Bookmarks Game
-
NBN build gaining momentum daily: Quigley
-
Face Time - Interview with John Brennan and Robert DiStefano
-
Unified Communications Strategy Guide
Articles include: How to ensure a successful UC project; Five reasons to set up unified communications; Unified communications: Is your network ready?; How to get the most from unified communications. Read this Computerworld Strategy Guide. -
Improving Productivity in the Connected Enterprise Through Collaboration
In the market for collaborative applications, a large convergence is beginning to take hold, and the consumerization of IT is central to this movement. The technologies that people use as consumers are impacting the way employees, customers, and partners want to interact and collaborate at work. People want to take the same technology experiences that are available at home and plug them into their daily work lives. This movement is setting worker expectations as both employees and corporate consumers. Workers need to have the choice and flexibility to consume the applications they want, where they want, and on their preferred device. Read on. -
Why Encrypt? Securing Email without compromising communications.
Encryption is a vital component of any DLP strategy. It allows businesses to exchange sensitive information without compromising on security; even if data is intercepted, encryption makes it unreadable and renders it tamper-proof. Read on.
-
Teach Yourself Visually Windows 7
-
Computers for Seniors for Dummies, 2nd Edition
-
Windows 7 for Dummies® Dvd+book Bundle
-
Windows 7 for Dummies®
-
Microsoft Office
-
MYOB Software for Dummies 6E Australian Edition
-
Office 2007 All-In-One Desk Reference for Dummies
-
Excel 2007 All-In-One Desk Reference for Dummies
-
Windows 7 for Seniors for Dummies®
Get exclusive access to Invitation only events CIO, reports & analysis. 
Comments
Post new comment