It seems that soon we will need to spend much more time deciding whether a program is legitimate or malicious. That’s because scammers have started to release more and more malware that is signed with legitimate digital certificates. Experts highlight that these certificates are perfect for advanced attacks and can easily help scammers infect even the most secure machines.
Until recently, scammers tried to gain access to digital certificates in quite primitive ways: they simply contacted certificate authorities (CAs) and presented themselves as trusted entities. Luckily for them, they managed to trick a couple of CAs without letting them know that the certificates would be used for malicious purposes. However, these tricks can be expected to fall out of use soon, because scammers have started to steal valid digital certificates from software developers. According to the latest data, more than 12 companies have already been hit by the bad guys. Microsoft warns that this is just the beginning: attackers keep stealing new certificates at enormous speed.
Once a legitimate certificate is stolen, the scammer uses it to sign malware code and gains the ability to fool security defenses. The best-known rogue anti-spyware designed this way is Antivirus Security Pro. It belongs to the WinWebSec family of rogues. We wrote about it on the 5th of December, 2013. However, it seems that the Sirefef family of malware is also using the same scheme. The image on the left explains how scammers download signed copies of the virus to people’s computers.
Please make sure that your anti-virus and anti-spyware programs are updated to their latest versions. In addition, stay away from illegal websites and stop using illegal software.