Researchers have found malware circulating in the wild that is signed with a digital certificate belonging to the Government of Malaysia, which lets it bypass the security warnings of operating systems and security software.
According to Mikko Hypponen, chief scientific officer at F-Secure, the stolen certificate belongs to the Malaysian Agricultural Research Institute. He found that the certificate was used to sign malware distributed by mail in booby-trapped PDF files. By using an official signature to vouch for the malicious application, the attackers were able to bypass the warning that Microsoft Windows usually displays when a user tries to install an unsigned application.
“The malware is spread through an infected PDF file and installed on the computer after cracking Adobe Reader 8,” wrote Hypponen on Monday in his blog. “The malicious software downloads additional malicious components from a server called worldnewsmagazines.org. Some of these components have also been signed, although in this case, they were loaded from a site called www.esuplychain.com.tw.”
The compromised certificate found by F-Secure is in the name of anjungnet.mardi.gov.my. It expired at the end of September. Hypponen said that the Malaysian authorities indicated that the certificate had been stolen “for a long time.”