In association with heise online

27 June 2013, 12:38

Opera users received malicious update - Update

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Opera logo

In a post on the browser vendor's security blog, Opera employee Sigbjørn Vik has informed users of a security breach at the company during which unknown attackers have gotten control of an expired code signing certificate. The attackers used that certificate to sign malware and deliver it to thousands of Opera users through the browser's automatic updating function. Opera has advised users to update to a new version of its browser as soon as it is released.

The attackers had accessed Opera's corporate network on 19 June between 1:00 am and 1:36 am CET. The company says that their systems have been cleaned and that there is no evidence of user data having been copied. Opera is working with relevant authorities to investigate the attack. Users who had received the malicious update might have installed it automatically and subsequently got infected by the included trojan. A scan with the VirusTotal service reveals that more than half of the anti-virus engines used by the scanner can currently detect the trojan.

Opera says it will soon release an updated version of their browser which will use a new code signing certificate "to be on the safe side".

Update (28 June): Mark 'Tarquin' Wilton-Jones of Opera has responded to some of the unanswered questions raised by the company's initial statement: The malware was apparently distributed via the autoupdate servers used for both Opera 12 and Opera 15 and managed to be installed even though it had an old, expired certificate originally used to sign, for example, Opera 12. According to Wilton-Jones, the reason that the expired certificate works is due to the way the operating systems handle them, although, he says, Opera could certainly run its own additional checks in the future. Windows users seem to have been hit the hardest, since not all Windows versions check the certificate. Wilton-Jones tries to reassure users saying the malware did not affect the Opera installation itself; the autoupdate delivered trojan was installed directly onto the operating system.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit