Microsoft Reveals - Fake Anti-Viruses Increasingly Rely on Stolen Digital Certificates

Pcworld.com published a report on 16th December, 2013 quoting Microsoft as 'A fake antivirus program in circulation uses at least a dozen stolen digital code-signing certificates indicates that cybercriminals are increasingly breaching the networks of software developers.'

The app acknowledged as "Antivirus security Pro" was first identified in 2009 and has gone by many other names but Microsoft advisory calls it by a single name as 'Win32/Winwebsec'.

Digital certificates acknowledged by CA (Certification Authorities) are utilized by developers to "sign" software that can be cryptographically verified to confirm that a solution has not been corrupted with and originates from the authors who declares to write it.

The company wrote that the samples of 'Antivirus Security Pro' collected by the software giant (Microsoft) used embezzled certificates issue by dissimilar CAs to software composers in various locations around the Globe.

Microsoft says that these certificates were issue by different CAs (Comodo, VeriSign, DigiCert and Thawte) to software developers in the Netherlands, US, Germany, Great Britain and Canada.

Microsoft researchers pointed out that the aforementioned list is most likely incomplete since it has been compiled of only the certificates used for the sample examples that Microsoft was able to get their hands on.

HELP NET SECURITY published a report on 16th December, 2013 quoting a comment of researchers as "Interestingly, one of these certificates was issue only three days (or 72 hours) before we started seeing malware samples signed with it suggesting that the distributors of malware are regularly embezzling fresh certificates rather than employing certificates from an older stockpile."

Other malware such as the Fareit and Ursnif password-stealing Trojans have also been signed with stolen certificates and also both have been able of pilfering certificates and private keys at one time or another.

But the resurgence of theft of certificate means software writers should keep their code-signing private keys safe.

Software developers or writers must guard the clandestine keys employed for code-signing on securely-stored hardware devices like smart cards, USB tokens or hardware security modules in an attempt to avert problems. In case a certificate is assumed to have been hijacked, CAs can repeal it.

» SPAMfighter News - 12/24/2013