Realtek Digital Certificates Accompany Malware

Realtek Digital Certificates Accompany Malware


Sunday, November 14, 2010



Headlines

69dafe8b58066478aea48f3d0f384820

Lethic botnet malware is now being discovered with signed digital certificates from a Taiwanese company, Realtek Semiconductor Corp.

The certificates are similar to those that accompanied the Stuxnet virus that has been targeting SCADA systems for several months, most notably power facilities in Iran and India.

There is no evidence that Realtek is authorizing the use of the certificates, and researchers speculate that criminal cyber gangs responsible for the Lethic malware are simply using unverified forgeries.

By contrast, Stuxnet was accompanied by verified signed digital certificates.

Mike Geide of Zscalar, the security company who first noted the use of the Realtek certificates, is hopeful that the Lethic forgeries will lead to the identification of the parties responible for the spam distributing botnet.

"While this is not a digital signature - it is still identifying info that may be able to tie certain malware samples to the same author / group / or binary builder," Geide wrote.

The presence of verified and unverified signed digital certificates is alarming, as it undermines confidence in systems designed to prevent the spread of malicious code.

Source:  http://www.theregister.co.uk/2010/11/12/lethic_bot_digital_cert_ploy/

Comments