Regular readers of the Symantec blog may sometimes read blogs that mention a fraudulent file that is signed with a valid digital certificate or that an attacker signed their malware with a stolen digital certificate.
You may recall that the creators of Stuxnet, arguably the most notorious malware in history, signed it using the private keys of valid digital certificates of well-known companies.
Digital certificates are significant because a file with a digital certificate can be checked to see who authored it and to make sure it was not altered. Moreover, some versions of Windows display a dialog box when a file that has no digital signature is opened. If an attacker signs malware with the stolen private key from a digital certificate, Windows will execute the file in many cases, except if the file is downloaded from the Internet using a Web browser.
How does an...