This is my personal view and comments on the issues and events that I feel a need to talk about or express my view. You don't have to agree, but lets carry on a adult, discussion and maybe you will see it the right way, mine. ;)

A recently identified ZeuS trojan sample is digitally signed with a fake certificate whose purpose is to make the piece of malware harder to detect. According to security experts from Avira who discovered the sample, the digital certificate is signed by an entity called "DetectMe " and dates since the end of February. Although the ability to digitally sign code has been around since Windows NT, the practice has only seen more adoption starting with Vista where the difference between signed and unsigned executables is clearly noticeable in User Access Control alerts. Digitally signed malware, as in malicious programs that actually use a valid certificate signed by a trusted CA, are rare because the benefits of doing it are hardly worth the trouble. Nevertehless, some malware authors sign their creations with forged certificates occasionally in an attempt to trick less sophisticated file scanners or the users themselves. ZeuS bot runners in particular seem to be more inclined to do this than others.


Comments
on Apr 15, 2011

Diabolical!  But not totally unexpected.

Meta
Views
» 225
Comments
» 1
Category
Sponsored Links