Digitally Signed Malware Is Increasingly Prevalent, Researchers Say
By: Lucian Constantin, PC World
Security companies have recently identified multiple malware threats that use stolen digital certificates to sign their components in an attempt to avoid detection and bypass Windows defenses.
When it was discovered in 2010, the Stuxnet industrial sabotage worm surprised the security industry with its use of rootkit components that were digitally signed with certificates stolen from semiconductor manufacturers Realtek and JMicron.
Security experts predicted at the time that other malware creators would adopt the technique in the future in order to bypass the driver signature enforcement in 64-bit versions of Windows Vista and 7. Given recent developments it seems that they were right.
A backdoor discovered by Symantec in December installed a rootkit driver signed with a digital certificate stolen from an undisclosed company. The certificate was revoked by VeriSign at the owner's request 9 days later.