Brazilian Trojan Issued Digital Certificate; Revoked Later
By Nithin Ramesh on September 9th, 2012

Wikipedia defines a digital certificate as ‘an electronic document which uses a digital signature to bind a public key with an identity — information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual.’

In the case of software, a certificate is used to ensure that the software is what it claims to be. Operating systems use digital certificates to make sure that an application being installed is valid. But what if the digital certificate is obtained by giving fake information?

There have been cases in the past where malware authors used stolen digital certificates for their rogue apps. But according to a report from Kaspersky, a group of Brazilian Trojan authors was able to obtain genuine certificates from Comodo by using fake data.

The authors used a fake company name, gastecnology.org, to obtain the certificate. As shown in the Securelist blog, a simple DNS lookup of that domain name gives us some clues as to the veracity of that company.

Firstly, the email address used to register the account is a free Yahoo Mail account, and secondly, the phone number and the address provided were fake.

After obtaining the digital certificate, the malware authors used an extensive email campaign to spread the malware. The certificate has been revoked since then and the application is now flagged as malware.

Although the certificate was revoked, the big question here is why the certificate was allowed in the first place. Since a digital certificate plays an integral part in verifying the validity of an application, an application should be signed only after the submitted data has been verified, which was not the case here. Hopefully certification authorities will be more careful after this incident.

Author: Nithin Ramesh
Nithin is a blogger and a Windows security enthusiast. He is currently pursuing Bachelors in Electronics and Communication. Apart from technology his other interests include reading and rock music. His Twitter handle is @nithinr6

Nithin Ramesh has written and can be contacted at nithin@techie-buzz.com.
