Zeus Variant Forging Digital Signature of Avira Certificate Detected

Latest news
Dr. Web Finds Fresh Version of Trojan Rmnet Scam E-mail Circulates Soliciting Private Banking Details Amnesty International Website Compromised to Produce Malware Cyber-criminals’ Latest Strategy is Application-Based Malware Scam, Which Infects Twice, Spotted

Support our Sponsors

uClip Clipping Path Service

Main Menu

Resources

Login
Username Password Remember Me Forgot your password? Forgot your username? Create an account

Syndicate

Popular
HSBC Clients Targeted with Phishing Scam BBB Cautions about Phishing E-mails Supposedly from American Express USPS Cautions Consumers about Malware Laced Scam E-mails St. George Bank Clients Alerted about Fraudulent E-mails Commtouch Cautions about Siberian Dogs Fraudulent E-mail

Trampolines usa

Zeus Variant Forging Digital Signature of Avira Certificate Detected

Written by Administrator

Monday, 28 February 2011 14:00

Security investigators at Avira a German anti-virus company are cautioning that one fresh variant of Zeus, an advanced PC Trojan that attacks financial institutions and websites, has emerged that uses an impersonated digital certificate apparently that of Avira.

Incidentally, it's rare that digitally signed malicious programs are found, since malware writers will hardly find alternatives for applying it accurately as also it normally is not worth the effort.

But, the latest Zeus variant doesn't possess an authentic signature. Moreover, an attempt to see a digital signature's properties brings forth a message from Microsoft Windows that states that there has been the processing of a certificate sequence; however, stopped within the origin of certificate that the trust supplier doesn't trust.

Note the researchers at Avira that this message should not be misunderstood since its implication merely is that Avira GmbH hasn't created this certificate and hence, it isn't an illegally acquired certificate. Softpedia.com published this on February 21, 2011.

Meanwhile, it was on February 10, 2011 when the certificate utilized for digitally signing the variant emerged as also the day it posed as a VeriSign-issued certificate. Nevertheless, as per the error note's implication, it's not the same as VeriSign's original certificate attached to Windows, an obvious indication that it is false.

Worryingly, it isn't new to have a Zeus sample disguising as an allegedly authentic digital certificate. Previously, Zeus distributors utilized a digital signature that pertained to a Kaspersky device created for cleansing PCs off precisely that malware.

Indeed, it's because of the above kind of incidents that certain researches have reached the conclusion that a huge 44% of the total number of financial malware programs has been created in line with Zeus.

This alarming situation given, it's horrifying still for learning that most new security software, despite being in its up to date form, cannot detect and eliminate Zeus infections, specialists observe.

Furthermore, according to one new research by Trusteer the security company, a good 55% of the total number of tested 10,000 PCs that had up to date security applications deployed, couldn't find and eliminate the Zeus malware, specialists conclude.

Read full article...