Microsoft Rushes Update After Digital Certificate Abuse in Flamer

Bogdan BOTEZATU

June 05, 2012


Microsoft has delivered a security patch via the Windows Update service to revoke three digital certificates that the Flamer malware has used to evade detection.

The accompanying security advisory from the Redmond-based software vendor states that samples of Flamer malware using unauthorized digital certificates derived from a Microsoft Certificate Authority have been seen in the wild. Flamer, also known as Skywiper, is one of the world's most complex e-threats to date. Some of its components had been signed by certificates that allow software to appear as if it was built by Microsoft, which allows it to circumvent some security checks in the operating system, as well as in some antivirus products.

"We identified that an older cryptography algorithm could be exploited and then be used to sign code as if it originated from Microsoft. Specifically, our Terminal Server Licensing Service, which allowed customers to authorize Remote Desktop services in their enterprise, used that older algorithm and provided certificates with the ability to sign code, thus permitting code to be signed as if it came from Microsoft," Mike Reavey, Senior Director of Microsoft's Security Response Center (MSRC), wrote in a blog post. The company does not state who the abused certificates belong to or how they were leaked to the attacker.

Digitally signed malware has become increasingly prevalent since the discovery of Stuxnet. This breed of malware is particularly dangerous, as some antivirus products exclude digitally signed files from scanning because they are believed to be trustworthy. Also, some components, such as kernel-mode drivers (components that are mostly known as rootkits), need to be digitally signed to infect 64-bit operating systems.
