Ambitious malware variant signed with fake digital signature
Posted on 21.02.2011
New Zeus variants and spam campaigns that try to spread them far and wide are almost a daily occurrence, but once in a while some get more attention from security researchers than others.

This latest one has been singled out by an Avira researcher simply because the malware variant has been signed with a digital certificate issued to the company - or so it may seem at first glance.

Upon closer inspection, one can notice that something is wrong:


"Microsoft Windows shows a note 'A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider'," points out the researcher. "Don't misunderstand that message – it means that this certificate is not created by Avira GmbH and therefore it's not a stolen certificate."

This is not the first time that a Zeus variant has been discovered hiding behind a seemingly legitimate digital certificate - last time, Zeus peddlers used the digital signature for a Kaspersky tool designed to clean computers of precisely that Trojan family.
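
The distinction the researcher draws, a signer name that looks right on a chain that ends in an untrusted root, can be checked during triage. The following PowerShell is an added example, not code from the article or from Avira; the function name `Get-SignatureTrustReport` and its `ExpectedSigner` parameter are hypothetical.

```powershell
# Added example: judge an Authenticode signature by chain trust, not by the signer name.
function Get-SignatureTrustReport {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Hypothetical parameter: the vendor name an analyst expects to see in the subject.
        [string]$ExpectedSigner
    )

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate

    $report = [ordered]@{
        Path          = $Path
        Status        = $sig.Status          # Valid, NotTrusted, HashMismatch, NotSigned, ...
        StatusMessage = $sig.StatusMessage   # the text Windows shows for this status
        Subject       = $null
        Thumbprint    = $null
        ChainFlags    = @()
        NameMatches   = $false
        Verdict       = 'Unsigned'
    }
    if ($null -eq $cert) { return [pscustomobject]$report }

    $report.Subject     = $cert.Subject
    $report.Thumbprint  = $cert.Thumbprint
    # Anyone can put any name in a certificate subject, so a match proves nothing by itself.
    $report.NameMatches = [bool]($ExpectedSigner -and $cert.Subject -like "*$ExpectedSigner*")

    # Build the chain against the local trust stores; revocation is skipped so this runs offline.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    [void]$chain.Build($cert)
    $report.ChainFlags = @($chain.ChainStatus | ForEach-Object { $_.Status })

    $untrustedRoot = $report.ChainFlags -contains [System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]::UntrustedRoot
    $report.Verdict = if ($sig.Status -eq 'Valid') { 'Trusted chain and intact file hash' }
        elseif ($untrustedRoot -and $report.NameMatches) { 'Signer name matches but root is untrusted: treat the name as unverified' }
        elseif ($untrustedRoot) { 'Untrusted root' }
        else { "Not trusted: $($sig.Status)" }

    [pscustomobject]$report
}

# Usage (placeholder path): Get-SignatureTrustReport -Path 'C:\samples\file.exe' -ExpectedSigner 'Avira'
```

A verdict of "Signer name matches but root is untrusted" corresponds to the case in the article: the subject names the vendor, but the certificate was not issued through a chain the system trusts.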





