New Malware Has Legitimate Government Signing Key

The scourge of the internet has always been the malware that infects it. It is most likely a problem that is not going to go away anytime soon so you have to be prepared to try and protect yourself from attack. One way to do that is to make sure that you pay attention to certain key security features when you browse the web. One of these features is the signing certificates that you run across when you are browsing a secure web site.

A browsing certificate in general is an encrypted key that the web site sends you to let you know that you are on the correct site and that you are safe. The key is provided by a trusted third party and your browser creator makes sure that they can confirm if the key is real or not. If the key is not real then the browser will pop up a warning and ask you if you are sure that you want to continue your visit to that site. If you say yes it will let you pass but it will give you a strong warning not to go. This system works most of the time but there are some flaws in it.

A newly found flaw is that some malware have found a way to be able to put real security keys inside of their programs. This way the browser is fooled into convincing you that you are on the correct site. Once you are allowed to pass then the site ends up either pulling a phising attack on you or it loads a Trojan of some sorts on your computer. Whatever the type of attack they pull, you can be sure that it is not going to be a good thing for you.

Luckily for most users, this type of attack is very rare to find in the wild. So far it has been mostly found in compromised PDF files on the web but that does not mean that it cannot be found in other places as well. Once people know the trick of how to create this type of exploit you will start to see it more and more. Just be careful, even when your browser says that the site can be trusted. And watch out for corrupted PDF files.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Speak Your Mind

*