Cyber Threat Advisory: New Malware Is Digitally Certified! Beware!

February 2013 by

Malwarebytes is reporting a new version of banking credential and password
stealing malware that is particularly dangerous because it is signed with a
real and valid digital certificate authenticating the veracity of the file.
When the email is opened, the user is surreptitiously connected to a server
that downloads a very large banking Trojan (over 10 MB unzipped) to their
desktop. In this case, size does matter: antivirus scanners have trouble
detecting malware files this large, which enables this malware to evade many
of the scanners on the market today (except, of course, Malwarebytes).

Yes, this is a piece of clever malware, but it begs an even bigger question:
who can we trust now if even digital certificates can be abused so easily?
The digital certificate and encryption market is forecast to reach $1.8
billion by 2015, according to Global Industry Analysts, Inc. But if a
digital certificate really can’t guarantee the veracity of a file, then what?
Another complicating factor in this discussion is that, already today, a lot
of potentially unwanted applications use digital certificates, and clearly
malware has evolved to use these as well, as a new tactic, originally used
in the Stuxnet malware, to evade detection.

For additional information about this new piece of malware just discovered
by Malwarebytes researchers, I can forward you an advance copy of the
Malwarebytes blog that details how the malware works, and I can set up a
conversation with Malwarebytes researcher Jerome Segura. He can give you
information about the malware as well as tips to further secure the desktop,
such as not opening files that use multiple file extensions, e.g.
document.pdf.xls.exe. Many users also don’t know that a file that looks like
a Word or PDF document may be something else: never trust the file icons to
reveal the true nature of a file.
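
The two desktop tips above (multiple file extensions, and icons that misrepresent a file) can be checked mechanically. The following is an added example, not code from Malwarebytes or from this advisory; the extension lists, function names and sample bytes are assumptions constructed for illustration.

```python
import os

# Assumed lists for illustration; tune them to your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".zip"}

# Constructed sample headers (not real files): a minimal PE stub and a PDF stub.
SAMPLE_PE = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0"
SAMPLE_PDF = b"%PDF-1.4\n" + b"\0" * 64

def decoy_extensions(filename):
    """Return document-style extensions placed before a final executable one."""
    parts = os.path.basename(filename).lower().split(".")
    if len(parts) < 3:
        return []
    # strip() catches padding such as "invoice.pdf      .exe"
    exts = ["." + p.strip() for p in parts[1:]]
    if exts[-1] not in EXECUTABLE_EXTS:
        return []
    return [e for e in exts[:-1] if e in DECOY_EXTS]

def is_pe(header):
    """True if the bytes start like a Windows PE file (MZ stub, then PE signature)."""
    if len(header) < 0x40 or header[:2] != b"MZ":
        return False
    off = int.from_bytes(header[0x3C:0x40], "little")  # e_lfanew field
    return header[off:off + 4] == b"PE\0\0"

def triage(filename, header):
    """Return a list of reasons the file should not be trusted by name or icon."""
    findings = []
    decoys = decoy_extensions(filename)
    if decoys:
        findings.append("multiple extensions: %s before executable extension"
                        % "".join(decoys))
    ext = os.path.splitext(filename.lower())[1]
    if is_pe(header) and ext not in EXECUTABLE_EXTS:
        findings.append("PE content behind non-executable extension %s"
                        % (ext or "(none)"))
    return findings

if __name__ == "__main__":
    for name, head in [("document.pdf.xls.exe", SAMPLE_PE),
                       ("statement.pdf", SAMPLE_PE),
                       ("statement.pdf", SAMPLE_PDF)]:
        print(name, "->", triage(name, head) or "no findings")
```

In practice `header` would be the first few hundred bytes read from the attachment; the name check and the content check are independent, so a file can trip either or both.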
