New Trend For Certificate Signed Malware

Imperva: 16 November, 2011 (Technical Article)
Imperva comments on the use of digital certificates for signing malware in a new trend emerging in IT security threats
Tal Be’ery, Imperva’s Web Security Research Team Leader, comments on how a governmental digital certificate has been used to sign malware. According to a report by F-Secure, the certificate was used to sign a piece of malware which has been spread through malicious PDF files, dropped after an Acrobat Reader 8 exploit had taken place.

“Once more we are seeing an example of the growing trend in the theft of issued certificates by cyber-criminals. This time, F-Secure published an analysis of a widespread malware strain which used a stolen certificate belonging to the Malaysian Agricultural Research and Development. By using the stolen certificate, the malware appears to the operating system as a legitimate application and thus evades detection. We can expect to see more stories of stolen certificates in the upcoming year, as hackers have come to understand that the weakest link in SSL is the Public Key Infrastructure (PKI). PKI deals with all aspects of digital certificates – and hackers are launching a brutal attack against it.

Attackers have repeatedly compromised various Certificate Authority (CA) organizations this year, including DigiNotar and GlobalSign. This is a direct consequence of the commoditization of certificates, as smaller, less competent organizations are taking larger pieces of the certificate market. At the same time, any CA can issue a digital certificate for any application without having to receive consent from the application owner. When hackers gain control of any CA they can use it to issue fraudulent certificates and masquerade as any website.

The same is true for code signing certificates: stealing the organization's code signing certificate is like stealing its rubber stamp. A stolen rubber stamp enables the attacker to sign cheques and fill in an arbitrary amount and beneficiary. The bank will trust the cheque since it's signed. A stolen code signing certificate enables the attacker to sign whatever code they like. The browser will trust the downloaded code since it is properly signed. Therefore, a code signing certificate is, and will continue to be, a prime target for malware distributors.”
   © 2012 ProSecurityZone.com