Myrtus and Guava, Episode 2

Having finished episode 1 on a botanical note, let’s continue our trip into the undergrowth by taking a look at the Stuxnet Trojan’s digital signature.

Digitally signed malware is a nightmare for antivirus developers. Digital signatures have a lot riding on them – they act as proof that an application is legitimate, and are a key concept in information security. They also have considerable influence on how effective a security solution is – it’s no secret that a digitally signed file will be “trusted” by security software and will often automatically be whitelisted.

However, cybercriminals do sometimes manage to get their hands on a code-signing certificate and signature of their own. Recently, we've been seeing regular instances of this with Trojans for mobile phones. When we identify cases like this, we inform the appropriate certification authority, the certificate is revoked, and so on.

However, in the case of Stuxnet, things look very fishy indeed, because the Trojan isn't signed with some random digital signature but with that of Realtek Semiconductor, one of the biggest producers of computer equipment.

Revoking a certificate from a company like this simply isn't feasible: it would render an enormous amount of the software they have released unusable.
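To see the "signed, therefore trusted" shortcut for what it is on a real machine, here is an added PowerShell example (not part of the original post) that lists who signed each kernel driver and rebuilds the signer's certificate chain with online revocation checking, so a valid-looking signature from a since-revoked or otherwise untrusted certificate is surfaced explicitly. The driver directory is an assumption; the script only reads and reports.

```powershell
# Added example, not from the original post. Inspect Authenticode signatures on
# driver files and report signer and chain/revocation status side by side, so
# that a "Valid" signature is not silently equated with a trustworthy file.
$driverDir = Join-Path $env:SystemRoot 'System32\drivers'   # assumed location
$targets = Get-ChildItem -Path $driverDir -Filter *.sys -ErrorAction SilentlyContinue

foreach ($file in $targets) {
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName

    if ($sig.Status -ne 'Valid' -or $null -eq $sig.SignerCertificate) {
        # Unsigned or broken signature: worth a closer look on its own.
        [pscustomobject]@{
            File = $file.Name; Status = $sig.Status; Signer = $null; Thumbprint = $null; Chain = $null
        }
        continue
    }

    # Rebuild the chain ourselves with online CRL/OCSP checking over the whole chain,
    # so a revoked signer shows up as a named chain error rather than being hidden
    # behind the single word "Valid".
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode   = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag   = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    $chain.ChainPolicy.VerificationFlags = [System.Security.Cryptography.X509Certificates.X509VerificationFlags]::NoFlag

    $built = $chain.Build($sig.SignerCertificate)
    $chainResult = if ($built) {
        'OK'
    } else {
        # e.g. Revoked, RevocationStatusUnknown, UntrustedRoot, NotTimeValid
        ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
    }

    [pscustomobject]@{
        File       = $file.Name
        Status     = $sig.Status
        Signer     = $sig.SignerCertificate.Subject
        Thumbprint = $sig.SignerCertificate.Thumbprint
        Chain      = $chainResult
    }
}
```

A file that reports `Status = Valid` together with a `Chain` value of `Revoked` is exactly the case the post describes: the signature itself checks out, and only the revocation data tells you the key should no longer be trusted.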
