Digitally Signed Malware Is Increasingly Prevalent, Researchers Say
By: Lucian Constantin, PC World

Security companies have recently identified multiple malware threats
that use stolen digital certificates to sign their components in an
attempt to avoid detection and bypass Windows defenses.

When it was discovered in 2010, the Stuxnet industrial sabotage worm
surprised the security industry with its use of rootkit components that
were digitally signed with certificates stolen from semiconductor
manufacturers Realtek and JMicron.

Security experts predicted at the time that other malware creators
would adopt the technique in the future in order to bypass the driver
signature enforcement in 64-bit versions of Windows Vista and 7. Given
recent developments, it seems that they were right.

A backdoor discovered by Symantec in December installed a rootkit
driver signed with a digital certificate stolen from an undisclosed
company. The certificate was revoked by VeriSign at the owner's request 9