DreamTeamDownloads1, FTP Help, Movies, Bollywood, Applications, etc. & Mature Sex Forum, Rapidshare, Filefactory, Freakshare, Rapidgator, Turbobit, & More MULTI Filehosts - View Single Post - Hackers Steal Government Certificate To Distrubute Malware

Ladybbird · 25-11-11, 21:16

F-Secure finds rare digitally signed malware

This screen shot shows details of the certificate that was stolen and used to trick computers into trusting malware.

This screenshot shows details of the certificate that was stolen and used to trick computers into trusting malware.
(Credit: F-Secure)

Researchers at F-Secure have uncovered a rarity--malware that is signed with a valid code-signing certificate stolen from a government.

The malware uses a certificate for mardi.gov.my, which is the Agricultural Research and Development Institute of Malaysia. That agency told F-Secure that the certificate had been stolen "quite some time ago." It expired at the end of September so is no longer effective for authentication.

The Trojan program, which F-Secure detected as Agent.DTIW, spreads via malicious PDF files that exploit a vulnerability in Adobe Reader 8, according to the F-Secure blog.

"The malware downloads additional malicious components from a server called worldnewsmagazines.org. Some of those components are also signed, although this time by an entity called www.esupplychain.com.tw," the blog post says.

Code-signing certificates are used to authenticate software so a computer will trust it and run it.

"It's not that common to find a signed copy of malware. It's even rarer that it's signed with an official key belonging to a government," Mikko Hypponen wrote on the blog.

Stolen digital certificates are used by hackers to trick people into visiting malicious Web sites, as well as trick computers into running untrusted code. They were used with Stuxnet, which targeted SCADA (supervisory control and data acquisition) systems, and more recently with the recently discovered Duqu malware.

Being targeted by hackers is a growing problem for certificate authorities that issue the certificates. Dutch DigiNotar filed for bankruptcy after its system was breached and a hacker was able to generate fake certificates. The same hacker claimed credit for that breach, as well as one involving CA Comodo and its resellers earlier this year.

And this isn't the first time there has been an issue with certificates from Malaysia. Earlier this month, Mozilla said that Malaysian certificate authority DigiCert Sdn. Bhd had issued 22 certificates with weak keys. While there was no evidence that the certificates were issued fraudulently, the weak keys allowed the certificates to be compromised, Mozilla said.

Meanwhile, Dutch certificate authority KPN said it was suspending the issuing of certificates after finding a distributed denial-of-service tool on one of its Web servers.

25-11-11, 21:16	#1
Ladybbird Join Date: Feb 2011 Posts: 50,508 Thanks: 28,767 Thanked 14,428 Times in 10,234 Posts Awards Showcase Total Awards: 8	Hackers Steal Government Certificate To Distrubute Malware F-Secure finds rare digitally signed malware This screen shot shows details of the certificate that was stolen and used to trick computers into trusting malware. This screenshot shows details of the certificate that was stolen and used to trick computers into trusting malware. (Credit: F-Secure) Researchers at F-Secure have uncovered a rarity--malware that is signed with a valid code-signing certificate stolen from a government. The malware uses a certificate for mardi.gov.my, which is the Agricultural Research and Development Institute of Malaysia. That agency told F-Secure that the certificate had been stolen "quite some time ago." It expired at the end of September so is no longer effective for authentication. The Trojan program, which F-Secure detected as Agent.DTIW, spreads via malicious PDF files that exploit a vulnerability in Adobe Reader 8, according to the F-Secure blog. "The malware downloads additional malicious components from a server called worldnewsmagazines.org. Some of those components are also signed, although this time by an entity called www.esupplychain.com.tw," the blog post says. Code-signing certificates are used to authenticate software so a computer will trust it and run it. "It's not that common to find a signed copy of malware. It's even rarer that it's signed with an official key belonging to a government," Mikko Hypponen wrote on the blog. Stolen digital certificates are used by hackers to trick people into visiting malicious Web sites, as well as trick computers into running untrusted code. They were used with Stuxnet, which targeted SCADA (supervisory control and data acquisition) systems, and more recently with the recently discovered Duqu malware. Being targeted by hackers is a growing problem for certificate authorities that issue the certificates. Dutch DigiNotar filed for bankruptcy after its system was breached and a hacker was able to generate fake certificates. The same hacker claimed credit for that breach, as well as one involving CA Comodo and its resellers earlier this year. And this isn't the first time there has been an issue with certificates from Malaysia. Earlier this month, Mozilla said that Malaysian certificate authority DigiCert Sdn. Bhd had issued 22 certificates with weak keys. While there was no evidence that the certificates were issued fraudulently, the weak keys allowed the certificates to be compromised, Mozilla said. Meanwhile, Dutch certificate authority KPN said it was suspending the issuing of certificates after finding a distributed denial-of-service tool on one of its Web servers. __________________ *6000 PLUS* Cases-He's LOST ALL Heard So Far: TRUMPs Onslaught of Lawyers are 'Hitting a Wall' -Judges & Cases Lining Up Against TRUMP France To Ask For Statue of Liberty Back -No Longer Fits 'Freedom' Under TRUMP.. AND Starmers REVOLTING Betrayal of Britain Will NEVER Be Forgiven TRUMPs' REVENGE -Clear & Present Danger -People Who Worship at The Altar of Trump Will KNEEL, NOT STAND Up to Him PLEASE Click DONATE & Thanks to ALL Members of ...** 1..