Stolen Digital Certificates Becoming Standard Malware Components | threatpost

Stolen Digital Certificates Becoming Standard Malware Components | threatpost.

One of the lesser known facts about Stuxnet is that it used two stolen digital certificates to bypass anti-malware systems.

“…many antimalware products and other security applications will whitelist binaries and files that are digitally signed. These components are simply trusted and passed along in most cases. The creators of Stuxnet obviously knew this and used it to their advantage. In the wake of the Stuxnet attack, security experts said that they expected other malware authors to follow the lead of Stuxnet and begin using digial signatures to evade security software, and that prediction is already being fulfilled.

Now that there is a new version of Zeus that’s digitally signed, it’s clear that digitally signed binaries can no longer be trusted. Will digital certificate black lists be added to anti-malware products?