Digitally Signed Malware Is Increasingly Prevalent, Researchers Say

Hackers are using stolen certificates, making it tougher to detect and prevent malware.


You Can't Detect What You Can't See: Illuminating the Entire Kill Chain

Computerworld: Security companies say they're seeing an increase in malware signed with fraudulent digital certificates. The Stuxnet worm was one of the first to use the technique, and now other malware creators have adopted the tactic. Costin Raiu of Kaspersky Labs explained that malware with a digital certificate is particularly troublesome because "signed modules are more likely to be included in whitelisting collections, meaning the chance of them being fully analyzed is lower and they remain undetected for longer period of times."

In some cases, the hackers use forged certificates, but in others they use stolen certificates, which are particularly difficult to block. If legitimate software is signed with the same credentials, companies cannot simply revoke the certificate or everyone who uses the legitimate software will find that it stops working.

Tags: security, hackers, malware

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.



IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.