A recently identified ZeuS trojan sample is digitally signed with a fake certificate whose purpose is to make the piece of malware harder to detect. According to security experts from Avira who discovered the sample, the digital certificate is signed by an entity called "DetectMe " and dates since the end of February. Although the ability to digitally sign code has been around since Windows NT, the practice has only seen more adoption starting with Vista where the difference between signed and unsigned executables is clearly noticeable in User Access Control alerts. Digitally signed malware, as in malicious programs that actually use a valid certificate signed by a trusted CA, are rare because the benefits of doing it are hardly worth the trouble. Nevertehless, some malware authors sign their creations with forged certificates occasionally in an attempt to trick less sophisticated file scanners or the users themselves. ZeuS bot runners in particular seem to be more inclined to do this than others.