Stolen Government Certificate Signed Malware is an Upcoming Trend
According to a report by F-Secure, a stolen government certificate was used to sign a piece of malware that has been spread through malicious PDF files and is dropped after an Acrobat Reader 8 exploit has taken place.
Tal Be’ery, Web Security Researcher at Imperva, comments: "Once more we are seeing an example of the growing trend in the theft of issued certificates by cyber-criminals. This time, F-Secure published an analysis of a widespread malware strain which used a stolen certificate belonging to the Malaysian Agricultural Research and Development. By using the stolen certificate, the malware appears to the operating system as a legitimate application and thus evades detection.
We can expect to see more stories of stolen certificates in the upcoming year, as hackers have come to understand that the weakest link in SSL is the Public Key Infrastructure (PKI). PKI deals with all aspects of digital certificates – and hackers are launching a brutal attack against it. Attackers have repeatedly compromised various Certificate Authority (CA) organizations this year, including DigiNotar and GlobalSign. This is a direct consequence of the commoditization of certificates, as smaller, less competent organizations are taking larger pieces of the certificate market. At the same time, any CA can issue a digital certificate for any application without having to receive consent from the application owner. When hackers gain control of any CA, they can use it to issue fraudulent certificates and masquerade as any website.
The same is true for code signing certificates: stealing the organization's code signing certificate is like stealing its rubber stamp. A stolen rubber stamp enables the attacker to sign cheques and fill in an arbitrary amount and beneficiary. The bank will trust the cheque since it's signed. A stolen code signing certificate enables the attacker to sign whatever code they like. The browser will trust the downloaded code since it is properly signed. Therefore, the code signing certificate is, and will continue to be, a prime target for malware distributors."
About Imperva: Imperva, a Data Security company, enables a complete security lifecycle for business databases and the applications that use them. Over 4,500 of the world’s leading enterprises, government organizations, and managed service providers rely on Imperva to prevent sensitive data theft, protect against data breaches, secure applications, and ensure data confidentiality. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring from the database to the accountable application user and is recognized for its overall ease of management and deployment.