Malware Authorized with Digital Certificate Witness Huge Proliferation; McAfee

Experts from McAfee the security company state that malware accompanied with digital authorization is rapidly spreading as it's made to cleverly counteract sandboxing as well as white-listing defense systems.

Director of Advanced Research and Threat Intelligence David Marcus of McAfee, who was delivering a talk at Las Vegas (USA) held McAfee Focus 2013, said that the security company detected 1.2m fresh malware digitally signed during Q3-2013 alone. Computerweekly.com published this dated October 4, 2013.

Marcus said that the above kind of malicious codes were signed with genuine digital certificates, which were neither forged nor filched rather they belonged to CAs (certificate authorities) alternatively agencies the latter sub-contracted.

He added that an assessment of McAfee's collection of the new malware programs showed Verisign, Comodo and Thawte as the issuers of certificates that were most exploited.

Marcus noted that cyber-criminals were aware about sandboxing and white-listing defense systems that typically allowed any content to pass if it had one genuine digital certificate; consequently, they treated their malware accordingly.

Naturally therefore, organizations required being careful with software downloads even if they carried digital signatures, Marcus pointed out.

This problem, however, could be solved if, according to Marcus, CAs and security firms coordinate for making sure they recognize malware that abuse digital certificates and invalidate that software instantly.

Marcus' co-presenter Chief Information Security Engineer, ePO James Wolfe at Lockheed Martin stated that the problem about misused certificates utilized for authorizing malicious software had received greater attention compared to the previous time of 2013 when several specific malware attacks were publicly revealed, although it wasn't a wholly new tactic. Networkworld.com reported this dated October 3, 2013.

Wolfe described digitally-signed malware as one form of APT (Advanced Persistent Threat) that attempted and successfully impaired organizations' security.

Even bad was that organizations often handled digital certificates manually using reminder notes or spread-sheets that implied a general shortage of control as well as management, thus presenting cyber-criminals with a perfect attack medium.

Therefore, McAfee recommends that organizations can formulate one internal CA for authorizing software they develop till the time certificate repute plausibly begins getting incorporated into security software for detecting malware.

» SPAMfighter News - 10/15/2013