Ambitious malware variant signed with fake digital signature
Posted on 21.02.2011
New Zeus variants and spam campaigns that try to spread them far and wide are almost a daily occurrence, but once in a while some get more attention by security researchers than others.

This latest one has been singled out by Avira's researcher simply because the malware variant has been signed with a digital certificate issued to the company - or so it may seem at first glance.

Upon closer inspection, one can notice that something is wrong:


"Microsoft Windows shows a note 'A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider'," points out the researcher. "Donít misunderstand that message Ė it means that this certificate is not created by Avira GmbH and therefore itís not a stolen certificate."

This is not the first time that a Zeus variant has been discovered hiding behind a seemingly legitimate digital certificate - last time, Zeus peddlers used the digital signature for a Kaspersky tool designed to clean computers from precisely that Trojan family.






Spotlight

The Software Assurance Marketplace: A response to a challenging problem

Posted on 20 October 2014.  |  The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has recognized how critical the state of software security is to the DHS mission.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Oct 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //