Backdoor Utilizing Fake Certificate Supposedly from Adobe Bypasses Detection
According to Symantec, a backdoor Trojan is targeting Windows users and using a bogus Adobe certificate to evade detection.
The company's researchers report that the new malicious program arrives disguised as a file named 'Word13.exe'.
Symantec researcher Hiroshi Shinotsuka explained that, in addition to using the Adobe name to deceive end users into believing the file was genuine, the Trojan's creators also used a forged digital signature and padded the certificate with further fake details, Scmagazine.com reported on June 17, 2013.
Shinotsuka wrote that the signature could be identified as fake because the certificate's "Issued By" field read "Adobe Systems Incorporated." In reality, Adobe was a customer of VeriSign. Furthermore, the certificate details showed an issuing authority that was not trusted, the researcher noted.
He explained that because VeriSign issued Adobe's code-signing certificates on the company's behalf, a legitimate certificate would show the Reston, Virginia-based security firm as its issuer rather than Adobe itself.
When the Trojan is executed, it injects itself into notepad.exe and iexplore.exe and then opens a backdoor that gives the attacker control of the infected system.
Interestingly, according to Symantec, the backdoor performs several tasks: stealing computer and user information; creating, downloading, deleting, moving, searching for and executing files; creating folders; recording mouse movements; capturing screenshots; and stealing details of Skype conversations.
Satnam Narang, Security Response Manager at Symantec, stated that the Trojan had not yet been given a name. He added that it was possibly being delivered through drive-by download attacks or through phishing e-mails carrying malicious attachments, Scmagazine.com reported.
Narang added that his team did not have an exact infection count. Because it had discovered the Trojan in the wild, it did not know precisely how many individuals were infected, although the number was quite low, he indicated.
Symantec urged users to always keep their anti-virus definitions up to date and to update their software regularly. It was also necessary to double-check the web address before downloading anything from it and, where possible, to examine the certificate and signature, it added.
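As an added example that is not from the article or from Symantec, the PowerShell function below performs the check the researchers describe: it reads a file's Authenticode signature, reports whether the certificate chain is trusted, and flags a signer certificate whose issuer is the publisher itself rather than a certificate authority such as VeriSign. The function name and the sample file path are assumptions.

```powershell
# Added example, not from the article. Function name and the sample path are assumptions.
function Test-SignerIssuer {
    param([Parameter(Mandatory)][string]$Path)

    # Get-AuthenticodeSignature returns the signature status and the signer certificate.
    $sig = Get-AuthenticodeSignature -FilePath $Path

    if ($sig.Status -eq 'NotSigned' -or $null -eq $sig.SignerCertificate) {
        return [pscustomobject]@{ Path = $Path; Status = $sig.Status; Issuer = $null; Verdict = 'unsigned' }
    }

    $cert = $sig.SignerCertificate

    # A publisher certificate is issued by a CA (for Adobe, VeriSign). A certificate that
    # names the publisher as its own issuer is self-signed, like the one described above.
    $selfIssued = ($cert.Issuer -eq $cert.Subject)

    $verdict = if ($selfIssued) { 'suspicious: issuer is the publisher itself' }
               elseif ($sig.Status -ne 'Valid') { "suspicious: chain not trusted ($($sig.Status))" }
               else { 'ok: trusted chain' }

    [pscustomobject]@{
        Path    = $Path
        Status  = $sig.Status
        Subject = $cert.Subject
        Issuer  = $cert.Issuer
        Verdict = $verdict
    }
}

# Usage with a placeholder path (the file name is the one named in the article):
Test-SignerIssuer -Path 'C:\Downloads\Word13.exe' | Format-List
```

A status other than Valid means Windows could not build a trusted chain for the signer, which is what an issuer field reading "Adobe Systems Incorporated" instead of a CA produces.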
» SPAMfighter News - 7/2/2013