Zeus Variant Forging Digital Signature of Avira Certificate Detected

Security investigators at Avira a German anti-virus company are cautioning that one fresh variant of Zeus, an advanced PC Trojan that attacks financial institutions and websites, has emerged that uses an impersonated digital certificate apparently that of Avira.

Incidentally, it's rare that digitally signed malicious programs are found, since malware writers will hardly find alternatives for applying it accurately as also it normally is not worth the effort.

But, the latest Zeus variant doesn't possess an authentic signature. Moreover, an attempt to see a digital signature's properties brings forth a message from Microsoft Windows that states that there has been the processing of a certificate sequence; however, stopped within the origin of certificate that the trust supplier doesn't trust.

Note the researchers at Avira that this message should not be misunderstood since its implication merely is that Avira GmbH hasn't created this certificate and hence, it isn't an illegally acquired certificate. Softpedia.com published this on February 21, 2011.

Meanwhile, it was on February 10, 2011 when the certificate utilized for digitally signing the variant emerged as also the day it posed as a VeriSign-issued certificate. Nevertheless, as per the error note's implication, it's not the same as VeriSign's original certificate attached to Windows, an obvious indication that it is false.

Worryingly, it isn't new to have a Zeus sample disguising as an allegedly authentic digital certificate. Previously, Zeus distributors utilized a digital signature that pertained to a Kaspersky device created for cleansing PCs off precisely that malware.

Indeed, it's because of the above kind of incidents that certain researches have reached the conclusion that a huge 44% of the total number of financial malware programs has been created in line with Zeus.

This alarming situation given, it's horrifying still for learning that most new security software, despite being in its up to date form, cannot detect and eliminate Zeus infections, specialists observe.

Furthermore, according to one new research by Trusteer the security company, a good 55% of the total number of tested 10,000 PCs that had up to date security applications deployed, couldn't find and eliminate the Zeus malware, specialists conclude.

Related article: Zeus Trojan Stole Huge Amount of Information

» SPAMfighter News - 2/28/2011