False Digital Certificate Signature Validates Malware; Kaspersky

Security company Kaspersky recently found a malicious program circulating on the Web, which it identified as Trojan.Win32.Mediyes and which carried a digital certificate issued by VeriSign, InfosecIsland.com reported on March 16, 2012.

Some 5,000 or more computers have been infected with Mediyes, the majority of them in Western Europe. That distribution is attributed to the stolen digital certificate belonging to a Swiss firm and the C&C (command-and-control) server being based in Germany.

Security specialist Vyacheslav Zakorzhevsky from Kaspersky reports that many dropper files have been identified, carrying signatures dated from December 2011 to March 7, 2012. These files were signed with a certificate from the Swiss firm Conpavi AG, which is believed to work with the cantons and municipalities of the Swiss government, according to a Securelist blog post dated March 15, 2012.

Reportedly, the 32-bit version of the dropper is accompanied by a driver that is automatically loaded into the infected computer's driver directory; once that is done, the malware deletes itself. The driver does not carry the signature, yet it still manages to manipulate 32-bit Windows operating systems.

The driver (Rootkit.Win32.Mediyes) has two primary functions: to insert a DLL file, identified as Trojan.Win32.Mediyes, into any process running within the browser, and to keep Mediyes out of sight.

Once the browser is infected, the cyber-criminals can replace all search requests on Bing, Yahoo and Google with their own. They then run a pay-per-click scheme named Search 123 and earn cash whenever an end-user performs a search.

Meanwhile, in spring 2011, security solutions vendor Avira detected a ZeuS Trojan sample that carried a digital certificate signature, and researchers have many times spotted Zeus variants bearing counterfeit Avira or Kaspersky digital signatures.

Moreover, a fake SSL certificate supposedly from Google came to light, which was possibly used in a ruse Iran's government carried out to execute man-in-the-middle attacks.

Bogdan Botezatu, Senior E-Threat Analyst at anti-virus provider BitDefender, said that malware creators got installers signed in addition to drivers because certain AV programs did not doubt digitally signed installers and so left them unscanned. ComputerWorld.com published this on March 15, 2012.

» SPAMfighter News - 26-03-2012