Video Screencast Help
Website Security Solutions

Code signing certificates used in repeat attacks

Created: 21 Jul 2010 • Updated: 18 Dec 2012
Tim Callan's picture
0 0 Votes
Login to vote

Within the past week or so we have seen a pair of malicious worms used that employ what appear to be stolen VeriSign Code Signing certificates. We became aware of both these attacks when they were reported in the press, and both of the certificates involved are revoked. Each certificate holder was fully cooperative and understanding about the need to revoke the certificates in question. We're looking at potential methods of predicting certificates that may be compromised and therefore used in subsequent attacks and then encouraging preemptive replacement by the holders of those certificates. Microsoft has issued an advisory on the Windows flaw and states it's working on a fix.

Here's a summary of the first discovered attack. Here's a summary of the newest attack. And here's a summary from The Tech Herald about how the certificates fit in.