Microsoft Reveals - Fake Anti-Viruses Increasingly Rely on Stolen Digital Certificates

PCWorld.com published a report on 16th December, 2013 quoting Microsoft as saying, 'A fake antivirus program in circulation uses at least a dozen stolen digital code-signing certificates, indicating that cybercriminals are increasingly breaching the networks of software developers.'

The app, known as "Antivirus Security Pro", was first identified in 2009 and has gone by many other names, but Microsoft's advisory refers to it by a single name, 'Win32/Winwebsec'.

Digital certificates issued by CAs (Certification Authorities) are used by developers to "sign" software, so that it can be cryptographically verified that a program has not been tampered with and originates from the authors who claim to have written it.

The company wrote that the samples of 'Antivirus Security Pro' it collected used stolen certificates issued by different CAs to software developers in various locations around the globe.

Microsoft says that these certificates were issued by different CAs (Comodo, VeriSign, DigiCert and Thawte) to software developers in the Netherlands, US, Germany, Great Britain and Canada.

Microsoft researchers pointed out that the aforementioned list is most likely incomplete, since it was compiled only from the certificates used in the samples that Microsoft was able to obtain.

Help Net Security published a report on 16th December, 2013 quoting the researchers as saying, "Interestingly, one of these certificates was issued only three days (or 72 hours) before we started seeing malware samples signed with it, suggesting that the distributors of malware are regularly embezzling fresh certificates rather than employing certificates from an older stockpile."

Other malware, such as the Fareit and Ursnif password-stealing Trojans, has also been signed with stolen certificates, and both have been capable of pilfering certificates and private keys at one time or another.

But the resurgence of certificate theft means software writers should keep their code-signing private keys safe.

To avert problems, software developers must guard the private keys used for code signing by keeping them on securely stored hardware devices such as smart cards, USB tokens or hardware security modules. If a certificate is believed to have been compromised, CAs can revoke it.

» SPAMfighter News - 12/24/2013
