In association with heise online

14 November 2011, 18:29

Stolen government certificate signed malware


A governmental digital certificate has been used to sign malware. According to a report by F-Secure, the certificate was used to sign a piece of malware that was spread through malicious PDF files and dropped after an Acrobat Reader 8 exploit had run. The malware was signed with a certificate issued to "anjungnet.mardi.gov.my" – mardi.gov.my is the Malaysian Agricultural Research and Development Institute. To steal a certificate capable of signing, an attacker would need not just the certificate but also a passphrase; this could have been stolen with a keylogger.

The Malaysian authorities told F-Secure that the certificate had been stolen "quite some time ago"; it was valid from 29 September 2009 to 29 September 2011 and has therefore now expired, which removes the advantage the malware gained from being digitally signed in the first place – unsigned applications produce a warning when the user downloads them from the web, but validly signed applications do not. However, it is still very rare to find malware signed with a key that officially belongs to a government.
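The trust decision described above (a signature only helps the malware while the certificate is valid, and a known-stolen certificate should be rejected regardless of dates) can be expressed as a small policy check. The following is an added example, not code from the article or from F-Secure; the certificate objects are stand-ins constructed from the dates the article reports, the `example-signer.invalid` certificate and the `COMPROMISED_SUBJECTS` blocklist are hypothetical, and it goes one step beyond the article by also handling a signature that carries a trusted timestamp, which is the case where expiry alone does not help a defender.

```python
"""Policy check for a code-signing certificate (added, hypothetical example)."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional, Set, Tuple


def utc(year: int, month: int, day: int) -> datetime:
    """Build a timezone-aware UTC timestamp; keeps the comparisons below unambiguous."""
    return datetime(year, month, day, tzinfo=timezone.utc)


@dataclass(frozen=True)
class SigningCert:
    """Minimal view of a code-signing certificate: who it was issued to and when it is valid."""
    subject: str
    not_before: datetime
    not_after: datetime

    def valid_at(self, when: datetime) -> bool:
        return self.not_before <= when <= self.not_after


# Stand-in built from the subject and validity period reported in the article.
STOLEN_CERT = SigningCert(
    subject="anjungnet.mardi.gov.my",
    not_before=utc(2009, 9, 29),
    not_after=utc(2011, 9, 29),
)

# Hypothetical legitimate certificate with the same validity window, used to
# show that the dates alone do not distinguish a stolen key from a clean one.
CLEAN_CERT = SigningCert(
    subject="example-signer.invalid",
    not_before=utc(2009, 9, 29),
    not_after=utc(2011, 9, 29),
)

# Hypothetical local blocklist of subjects whose signing keys are known to be
# stolen. CA revocation serves the same purpose; a local list is what a
# defender can apply immediately, before CRL/OCSP data catches up.
COMPROMISED_SUBJECTS: Set[str] = {STOLEN_CERT.subject}


def evaluate_signature(
    cert: SigningCert,
    verify_time: datetime,
    signed_at: Optional[datetime] = None,
    compromised: Set[str] = COMPROMISED_SUBJECTS,
) -> Tuple[str, str]:
    """Decide how a signed binary should be treated.

    Returns ("block" | "warn" | "allow", reason).

    * A certificate on the compromised list is blocked regardless of dates:
      a stolen key signs malware just as well inside its validity window.
    * Without a trusted timestamp, the certificate must be valid at the time
      of verification; once it expires the signature no longer suppresses the
      download warning, which is the effect the article describes.
    * With a trusted timestamp countersignature (signed_at), the validity check
      is made against the signing time instead, so expiry alone does not
      invalidate the signature. That is why the blocklist or a revocation,
      not the calendar, is the control a defender should rely on.
    """
    if cert.subject in compromised:
        return "block", "signing certificate is on the compromised list"
    check_time = signed_at if signed_at is not None else verify_time
    if not cert.valid_at(check_time):
        basis = "signing time" if signed_at is not None else "current time"
        return "warn", f"certificate not valid at {basis}; treat as unsigned"
    return "allow", "certificate valid at the relevant time"


if __name__ == "__main__":
    # Article date: 14 November 2011, after the certificate expired.
    now = utc(2011, 11, 14)
    for label, cert in (("stolen", STOLEN_CERT), ("clean", CLEAN_CERT)):
        print(label, "no timestamp:", evaluate_signature(cert, now))
        print(label, "timestamped :", evaluate_signature(cert, now, signed_at=utc(2010, 6, 1)))
```

Run as a script it prints the verdict for each certificate with and without a timestamp; the clean certificate is allowed only while the relevant time falls inside its window, while the stolen one is blocked in every case.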

(djwm)

Permalink: http://h-online.com/-1378914