    Last week, Trend Micro found malware samples that had been signed with digital certificates belonging to two software companies that develop specialized software. Because these certificates are used by developers of very specialized products, their use can increase the chances that the attack will succeed.

    We have identified several samples that were signed with these compromised certificates, which we detect as TROJ_KRYPT.SMMV or TSPY_KRYPTIK.NO. We do not know if the same author was responsible for both attacks, although they do share similarities.

    Both attacks used Java exploits to get onto the affected systems, which we detect as JAVA_EXPLOIT.SO and JAVA_EXPLOIT.EOJ. It’s worth noting that the exploits used here rely on vulnerabilities from early 2012, so a patched Java install would have helped protect users.

    Both attacks also used a similar packaging tool. It allows different types of malware to be launched into the memory of an infected system without actually dropping the physical malware file. It also makes it possible to reuse old malware code, since the packaging tool produces a file entirely different from the original (already detected) malicious code, evading detection.

    Using a valid digital certificate can trick the target system and even security software into thinking that the running program came from a legitimate source. We have reported on similar incidents involving signed malware in the past:

    This incident – and the others like it – highlights how even “trusted” software can turn out to be malicious. We protect users from this threat by detecting any file that was compiled using the packaging tool.
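The point above, that a valid signature is not proof of a legitimate source, can be turned into a triage rule that treats the signature as one signal among several. This is an added example, not Trend Micro's detection logic; the record fields, thumbprints and paths are constructed, and the compromised-certificate and expected-signer lists are assumed to be maintained by the defender.

```python
from dataclasses import dataclass

JAVA_PARENTS = {"java.exe", "javaw.exe"}   # the delivery path described in the post

@dataclass(frozen=True)
class ProcEvent:
    image: str        # path of the executable that was started
    parent: str       # file name of the parent process
    sig_valid: bool   # True if the OS verified the signature chain
    thumbprint: str   # signer certificate thumbprint, "" if unsigned

def triage(ev, compromised, expected_signers):
    """Return (verdict, reasons). A valid signature never short-circuits the checks."""
    tp = ev.thumbprint.replace(" ", "").lower()
    if tp and tp in compromised:
        # Known-stolen certificate: block even though the signature verifies.
        return "block", ["signer certificate is on the compromised list"]
    reasons = []
    if not ev.sig_valid:
        reasons.append("unsigned or invalid signature")
    elif tp not in expected_signers:
        reasons.append("validly signed, but signer is not expected on this host")
    if ev.parent.lower() in JAVA_PARENTS:
        reasons.append("started by the Java runtime")
    # Two independent signals are needed before an analyst is asked to look.
    return ("review" if len(reasons) >= 2 else "allow"), reasons

# Constructed sample data (not real thumbprints or paths).
COMPROMISED = {"aa" * 20}
EXPECTED = {"cc" * 20}
EVENTS = [
    ProcEvent(r"C:\Users\u\AppData\Local\Temp\upd.exe", "javaw.exe", True, "AA" * 20),
    ProcEvent(r"C:\Users\u\AppData\Local\Temp\tool.exe", "javaw.exe", True, "bb" * 20),
    ProcEvent(r"C:\Program Files\Vendor\app.exe", "explorer.exe", True, "cc" * 20),
    ProcEvent(r"C:\Users\u\AppData\Local\Temp\x.exe", "java.exe", False, ""),
]

if __name__ == "__main__":
    for ev in EVENTS:
        verdict, reasons = triage(ev, COMPROMISED, EXPECTED)
        print(f"{verdict:6} {ev.image}  {'; '.join(reasons)}")
```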


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice