| Home : December 16 2013 Computer News : Bogus antivirus program uses a dozen stolen signing certificates |
|
Bogus antivirus program uses a dozen stolen signing certificates |
December 16, 2013
A fake antivirus program in circulation uses at least a dozen stolen digital code-signing certificates, indicating cybercriminals are increasingly breaching the networks of software developers, Microsoft wrote on Sunday.The application, branded as “Antivirus Security Pro,” was first detected in 2009 and has gone by a handful of other names over the years, according to a Microsoft advisory, which calls it by a single name, “Win32/Winwebsec.”Digital certificates, issued by Certification Authorities (CAs), are used by developers to “sign” software programs, which can be cryptographically checked to verify that a program hasn’t been tampered with and originates from the developer who claims to write it.If a hacker obtains the authentication credentials to use a certificate, they can sign their own programs, which makes it appear the applications come from a legitimate developer.To read this article in full or to leave a comment, please click here
Link: http://www.pcworld.com/article/2080620/bogus-antivirus-program-uses-a-dozen-stolen-signing-certificates.html#tk.rss_all
|
|
|
|
|
