Softpedia
 


September 28th, 2012, 07:34 GMT · By

Adobe Identifies Malicious Apps Signed Using Valid Certificate


Adobe will revoke compromised code signing certificate on October 4
Adobe engineers have recently identified a couple of malicious utilities that appeared to be digitally signed with the use of a valid code signing certificate. As a result, the company plans to revoke the code signing certificate for Windows on October 4, 2012.

According to Brad Arkin, Adobe’s senior director of security, the revocation only affects three Adobe AIR apps and the Windows platform, and only a limited number of customers may need to take certain action. He reveals that there is no evidence that any sensitive information has been compromised.

In a separate post on Adobe’s Secure Software Engineering Team (ASSET) blog, Arkin explained that they identified a compromised build server with access to the code signing infrastructure.

“Our forensic investigation is ongoing. To date we have identified malware on the build server and the likely mechanism used to first gain access to the build server. We also have forensic evidence linking the build server to the signing of the malicious utilities,” he said.

One of the malicious utilities signed with the soon-to-be-revoked certificate is pwdump7 v7.1, which is designed to extract password hashes from Windows. The second is myGeeksmail.dll, a malicious ISAPI filter.

Jeff Hudson, CEO of Venafi, a certificate management company, explained to Softpedia the risks posed by certificate-based compromises.

“Certificate-based compromises are becoming as common as phishing attacks and malware infections. Adobe’s admission that one of its certificates has been hijacked is another example of why organizations that rely on this most basic trust technology need to have a strategy in place for quickly identifying, revoking and replacing them when they have been compromised,” he explained.

“Unfortunately, most organizations wait until a disaster strikes before taking action. Hopefully this will serve as a wake-up call to all enterprises that there is simply no excuse for not having a remediation plan in place.”

