Certificate Snatching—ZeuS Copies Kaspersky’s Digital Signature

[tgell]

Quote:

While conducting continuous threat-monitoring activities, Trend Micro threat researchers identified multiple suspicious files that included a strange digital signature. This signature immediately caught our attention, as it seemed to be signed by legitimate antivirus company Kaspersky.

Article

[chronomatic]

Lesson: Check hashes on these certs

A related story posted a while back is in this thread. There I break down a lot of reasons why I think this latest fear mongering over rogue peeps jacking certs is vastly overstated and overall is nothing to worry about if basic precautions (i.e., checking hashes) are taken.

[funkydude]

I'd wouldn't really call this an issue, the screenshots themselves show that the certificates are infact invalid.

I'd be far more concerned over malware like stuxnet that managed to get Realtek's actual key and signed their malware with a valid certificate, Microsoft had to invalidate that certificate from Verisign.

[chronomatic]

Quote:

Originally Posted by funkydude

I'd wouldn't really call this an issue, the screenshots themselves show that the certificates are infact invalid.

I'd be far more concerned over malware like stuxnet that managed to get Realtek's actual key and signed their malware with a valid certificate, Microsoft had to invalidate that certificate from Verisign.

Realtek peeps are idiots then. They should never store their master key in a place where malware can touch it. Furthermore, the malware would have to have some way of cracking the key's passphrase (unless the private key had no passphrase, which is total idiocy).

Let me add, that this non-story the OP posted is nothing but a way for Trend Micro to attempt to make Kaspersky look bad (even though Kaspersky did nothing wrong whatsoever and this "issue" is indeed a non-issue). The hashes don't match. I mean that's what hashes are for. Everything is working as it's supposed to work! This is actually a very retarded story. "Full retard" at that.

[CogitoTesting]

There is a thread already for that subject. Please continue the conversation there instead.

http://www.wilderssecurity.com/showthread.php?t=278822


Thanks.

[funkydude]

Quote:

Originally Posted by chronomatic

Let me add, that this non-story the OP posted is nothing but a way for Trend Micro to attempt to make Kaspersky look bad (even though Kaspersky did nothing wrong whatsoever and this "issue" is indeed a non-issue). The hashes don't match. I mean that's what hashes are for. Everything is working as it's supposed to work! This is actually a very retarded story. "Full retard" at that.

I agree.

Quote:

Originally Posted by chronomatic

Realtek peeps are idiots then. They should never store their master key in a place where malware can touch it. Furthermore, the malware would have to have some way of cracking the key's passphrase (unless the private key had no passphrase, which is total idiocy).

Well it's not confirmed how they got Realtek's key but some people believe blackmail/goverments were involved. I believe they got a key from another Taiwanese company also.