Fox-IT has a total of eleven certificates were found that already many months were actually abused. According to the security company, the certificates are not stolen, but they could by the weak RSA-512 encryption to be generated.
Last week was a certificate for malware, found, that signed seemed to be a key of the Malaysian government. F-Secure reported then that the certificate probably was stolen. According to security firm Fox-IT said Mikko Hypponen of F-Secure on the Govcert conference last week, however, that there probably, there was no theft.
Fox-IT points out that Microsoft and Mozilla earlier confidence in the authority Digicert Sdn. Bhd. had terminated, because this organization from Malaysia certificates with lack of security had issued. The encryption might be weak, the goal would not be specified and there would be no period of validity are given.
The Dutch security company now says this year nine certificates found in the wild were used to malware to have signed, and that there are two copies provided were, by an external party. It was, in all cases, RSA 512bit certificates and in one case the certificate was already in August 2010 found and maybe already in march of that year. Troublemakers the weak certificates themselves have managed to generate.
The RSA 512-security has been around since times insufficient. The first time that a 512bits number in primes was dissolved is already twelve years ago and today, this can be due to the increased computing power in a few weeks to even a few days. Fox-IT takes the Microsoft blame the company not earlier intervention and verification of executable files with weak certificates has been stopped.