Stuxnet Malware Signed With JMicron Certificate

Security researchers at anti-virus firm ESET say they have discovered a digitally signed malicious program associated with the recently found Stuxnet worm.

The new malicious driver, which was created during the third week of July 2010, is signed with a certificate from JMicron Technology Corporation (a manufacturer of integrated circuits).

Pierre-Marc Bureau, Senior Researcher at ESET, states that this driver differs from the earlier ones that were reportedly signed with a certificate from Realtek Semiconductor Corp, as reported by ESET on July 19, 2010.

The malicious program, known as jmidebs.sys, installs itself as though it were a system driver. Its role closely resembles that of the earlier drivers used by Win32/Stuxnet. The driver detects and inserts a script into processes running on an infected PC, and the script quietly steals information.

Bureau states that such professional operations are rarely seen. According to him, the attackers probably stole the certificates from two or more companies, or bought them from someone who had obtained them through theft.

Additionally, Bureau states that it is still unclear whether the attackers changed certificates because the first one was exposed, or whether they are using separate certificates for separate attacks. However, everything about the operation clearly indicates that the attackers possess considerable resources, Bureau concludes.

According to the security researchers, this information is vital because additional information about the people controlling Win32/Stuxnet can be obtained from it.

Notably, it was in June 2010 that Belarusian anti-virus company VirusBlokAda originally discovered the Stuxnet worm. Yet it was only in the next month that the malware became public.

Several things about Stuxnet are striking. First, it spreads by exploiting a new Windows flaw. Second, unlike any other malware, Stuxnet's components, comprising two drivers with rootkit functionality, carry a digital signature.

When Stuxnet became public, Microsoft announced that VeriSign, after obtaining Realtek's consent, had revoked the certificate which, although it had already expired, was being used to sign the malware. Nevertheless, this could just mean that many sophisticated attacks based on similar tactics are about to start.

Related article: Stuxnet Virus Created More Than A Year Back

» SPAMfighter News - 7/31/2010
