DooKey
Wikileaks released more intel today that shows digital certificates for the authentication of implants are generated by the CIA to impersonate existing entities. The three examples included in the source code build a fake certificate for the anti-virus company Kaspersky Laboratory, Moscow pretending to be signed by Thawte Premium Server CA, Cape Town. Digital certificates and faking them are one of the big things these days when it comes to hacking. Leave it to the CIA to jump right on board with the rest of the hackers out there. Not that I'm surprised or anything.
Hackers are increasingly abusing digital certs to smuggle malware past security scanners. Malware-slinging miscreants may not even need to control a code-signing certificate. Security researchers from the University of Maryland found that simply copying an Authenticode signature from a legitimate file to a known malware sample – which results in an invalid signature – can result in antivirus products failing to detect it.
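Why a copied signature is invalid, and why a scanner has to check the digest rather than the mere presence of a certificate table, shown as an added example (not code from the post or from the researchers). It uses constructed test images and a simplified form of the Authenticode PE hash; the function names are hypothetical, and the signed digest is passed in as a parameter where a real verifier would read it from the PKCS#7 blob and also validate the certificate chain.

```python
import hashlib
import struct

def pe_layout(data):
    """Return offsets of CheckSum and the certificate directory entry, plus that entry's (offset, size)."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe + 24  # optional header follows the 4-byte signature and 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    secdir = opt + (96 if magic == 0x10B else 112) + 4 * 8  # data directory 4
    cert_off, cert_size = struct.unpack_from("<II", data, secdir)
    return opt + 64, secdir, cert_off, cert_size

def authenticode_digest(data, algo="sha256"):
    """Hash the image, skipping CheckSum, the certificate directory entry and the certificate table."""
    checksum, secdir, cert_off, cert_size = pe_layout(data)
    end = cert_off if cert_size else len(data)
    h = hashlib.new(algo)
    for chunk in (data[:checksum], data[checksum + 4:secdir],
                  data[secdir + 8:end], data[end + cert_size:]):
        h.update(chunk)
    return h.hexdigest()

def classify(data, signed_digest):
    """'unsigned', 'valid-digest' or 'present-but-mismatched' for a given signed digest."""
    if pe_layout(data)[3] == 0:
        return "unsigned"
    ok = authenticode_digest(data) == signed_digest
    return "valid-digest" if ok else "present-but-mismatched"

def make_pe(body, cert=b""):
    """Constructed test image: bare PE32 headers (not a loadable program), body, then cert blob."""
    hdr = bytearray(0x40 + 24 + 224)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x40 + 24, 0x10B)
    if cert:
        struct.pack_into("<II", hdr, 0x40 + 24 + 96 + 32, len(hdr) + len(body), len(cert))
    return bytes(hdr) + body + cert

SIG = b"CONSTRUCTED-SIGNATURE-BLOB"  # placeholder bytes, not a real PKCS#7 structure
original = make_pe(b"vendor build", SIG)
SIGNED_DIGEST = authenticode_digest(original)  # the value a signer would have signed
other = make_pe(b"some other build", SIG)      # different content carrying the same blob
```

A file that lands in `present-but-mismatched` should be treated as at least as suspicious as an unsigned one, since a legitimate build pipeline does not produce it.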