AllInfo

F-Secure finds malware with certificate of Malaysian government

Security firm F-Secure has discovered new malware signed with a certificate whose key appears to belong to the Malaysian government. The certificate, which has since expired, is said to have been stolen by unknown parties.

According to F-Secure, the malware authors have a certificate that is signed by the Malaysia-based Agricultural Research and Development Institute. The certificate was reportedly stolen from this agency 'some time ago', the security company reports on the basis of information from the Malaysian government.

The malware, which was found in manipulated PDF files and is called 'W32/Agent.DTIW', reportedly tries to exploit a vulnerability in Adobe Reader 8. After infection it also attempts to download several components, which are in turn signed with certificates that have 'esupplychain.com.tw' as the source. However, the malware no longer gains the full benefits of carrying a certificate, such as a hassle-free installation in Windows, because the Malaysian certificate has not been valid since September 29.

While it is relatively rare for malware to carry a certificate, the use of certificates signed by public authorities is even less frequent, according to F-Secure. Nevertheless, advanced malware such as Stuxnet and the recent Duqu managed to abuse forged certificates, while in the Netherlands the notorious Diginotar case caused a great deal of turmoil.
