Some of the files associated with the new W32.Duqu threat were signed with a private key. After intense investigation we concluded that the private key used for signing these Duqu files was stolen from a Symantec customer whose systems appear to have been compromised. The private key was associated with a code signing certificate issued to that customer.
A Stolen Key
We take this very seriously and quickly revoked the customer code signing certificate in question. We have found no evidence of any breach to our systems and our records show that the code signing certificate was issued only after completing our rigorous customer authentication process. Our systems, roots and intermediate CAs were never at risk.
Running the world’s largest commercial cyber-intelligence network, Symantec is constantly monitoring the internet and customer environments in search of...