Corporate ID Theft Used to Jack Code Signing Certificate

Security researchers with F-Secure have found a new set of spammed malware that uses corporate identity theft to steal an Authenticode code signing certificate.

The attack vector is new because of the use of legitimate contact information.

“This is something we’ve seen before,” the researchers write. “But this case seemed odd because the contact information appeared very genuine. Usually, a valid but malicious certificate uses clearly bogus or dubious details.”

The use of legitimate contact information is particularly worrisome because it makes it difficult for certification authorities to distinguish legitimate requests from fraudulent ones.

“When scammers have access to a company’s email, it is very difficult for a CA to verify whether the request coming from the company is genuine,” the researchers write. “Mistakes will also happen in the future. It is very likely that we’ll see more of these cases in which an innocent company with a good reputation is used as a proxy for malware authors to get their hands on valid certificates.”
