Code signing certificates used in repeat attacks
Within the past week or so we have seen a pair of malicious worms that employ what appear to be stolen VeriSign Code Signing certificates. We became aware of both these attacks when they were reported in the press, and both of the certificates involved are revoked. Each certificate holder was fully cooperative and understanding about the need to revoke the certificates in question. We're looking at potential methods of predicting certificates that may be compromised, and therefore used in subsequent attacks, and then encouraging preemptive replacement by the holders of those certificates. Microsoft has issued an advisory on the Windows flaw and states it's working on a fix.
Here's a summary of the first discovered attack. Here's a summary of the newest attack. And here's a summary from The Tech Herald about how the certificates fit in.