Digitally signed malware is increasingly prevalent, researchers say

Discussion in 'malware problems & news' started by ronjor, Mar 15, 2012.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,778
    Location:
    Texas
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    No surprises there.
     
  3. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    Is it possible, for an experienced user, to use the advanced details GUI to get more info on the publisher on Windows Vista or 7, and by that determine it is stolen?
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,778
    Location:
    Texas
    Doubtful unless the information that the certificates were stolen was available.
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I don't understand...

    If the malware gets that far, then the organization doesn't have proper security in place.

    Stuxnet, for example, if people have forgotten:

    Possible New Rootkit Has Drivers Signed by Realtek
    July 15, 2010
    http://threatpost.com/en_us/blogs/possible-new-rootkit-has-drivers-signed-realtek-071510
    If no secure USB policies were in place, then protection against unauthorized executables would stop this at the gate.


    ----
    rich
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I have been relying on digital signatures for three years now (UAC deny elevation of unsigned programs). So I have been following news on this item with some attention.

    Until now the "in the wild" statistics of signed malware versus updated blacklists of AVs are by far in the advantage of signed malware (more scarce than malware not yet listed in AV databases).
     
    Last edited: Mar 16, 2012