This is my personal view and comments on the issues and events that I feel a need to talk about or express my view. You don't have to agree, but let's carry on an adult discussion and maybe you will see it the right way, mine. ;)

A recently identified ZeuS trojan sample is digitally signed with a fake certificate whose purpose is to make the piece of malware harder to detect. According to security experts from Avira who discovered the sample, the digital certificate is signed by an entity called "DetectMe" and dates from the end of February. Although the ability to digitally sign code has been around since Windows NT, the practice has only seen more adoption starting with Vista, where the difference between signed and unsigned executables is clearly noticeable in User Access Control alerts. Digitally signed malware, as in malicious programs that actually use a valid certificate signed by a trusted CA, is rare because the benefits of doing it are hardly worth the trouble. Nevertheless, some malware authors occasionally sign their creations with forged certificates in an attempt to trick less sophisticated file scanners or the users themselves. ZeuS bot runners in particular seem to be more inclined to do this than others.
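
The distinction drawn above, between a file that merely carries a signature and one whose certificate chains to a trusted CA, can be checked on Windows with the built-in Get-AuthenticodeSignature cmdlet. The following is an added example, not from the original post or from Avira; the function name Get-SignatureTriage, the verdict labels and the directory in the usage comment are hypothetical.

```powershell
# Added example (not from the original post). Function name and verdict
# labels are hypothetical; Get-AuthenticodeSignature is the built-in cmdlet.
function Get-SignatureTriage {
    [CmdletBinding()]
    param(
        # Accepts FileInfo objects from Get-ChildItem via their FullName property.
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string[]]$LiteralPath
    )
    process {
        foreach ($file in $LiteralPath) {
            $sig  = Get-AuthenticodeSignature -LiteralPath $file
            $cert = $sig.SignerCertificate

            if ($null -eq $cert) {
                # No signer certificate at all: the file is simply unsigned.
                $verdict = 'Unsigned'
            }
            elseif ($sig.Status -eq 'Valid') {
                # Hash matches and the chain ends at a root this machine trusts.
                $verdict = 'SignedTrusted'
            }
            else {
                # A signature is present but did not validate (untrusted chain,
                # hash mismatch, ...). This is the case a "has a signature?"
                # check would wrongly wave through.
                $verdict = 'SignedUntrusted'
            }

            [pscustomobject]@{
                Path       = $file
                Verdict    = $verdict
                Status     = $sig.Status
                Signer     = if ($cert) { $cert.Subject } else { $null }
                Issuer     = if ($cert) { $cert.Issuer }  else { $null }
                # Subject equal to Issuer means the certificate vouches for itself.
                SelfSigned = [bool]($cert -and $cert.Subject -eq $cert.Issuer)
                Detail     = $sig.StatusMessage
            }
        }
    }
}

# Usage (C:\Quarantine is a placeholder directory):
# Get-ChildItem C:\Quarantine -File | Get-SignatureTriage | Where-Object Verdict -eq 'SignedUntrusted'
```

A scanner or allow-list rule should key on the SignedTrusted verdict plus an expected signer, never on the presence of a signer certificate alone.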


Comments
on Apr 15, 2011

Diabolical!  But not totally unexpected.