Trojan Uses Fake Adobe Certificate to Evade Detection

Symantec experts have analyzed an interesting variant of Backdoor.Trojan

By on June 15th, 2013 19:51 GMT

It’s not uncommon for cybercriminals to sign their creations with digital certificates, because the technique increases the malware’s chances of evading detection by antivirus solutions. Symantec experts have spotted another interesting example.

The malware, detected by Symantec as Backdoor.Trojan, is disguised as a file called “Word13.exe.”

The file has an Adobe Reader icon and appears to be signed by a certificate issued by Adobe Systems Incorporated.

However, as the experts highlight, the certificate is clearly fake, since Adobe is a VeriSign customer. In addition, the CA root certificate is not trusted, which is another sign of a scam.
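A defender-side check for the two tells the analysts cite (the signer names a publisher but the chain does not validate to a trusted root, and the issuer is not the CA that publisher actually uses), written as an added PowerShell example that is not from the article or from Symantec; it assumes a Windows host with `Get-AuthenticodeSignature`, and the publisher and issuer names are taken from the article's observations, not verified independently.

```powershell
# Added example: flag a signed PE whose signer claims a publisher but whose
# signature status is not Valid or whose issuer is not the expected CA.
# Defaults come from the article (Adobe signs via VeriSign); adjust per publisher.
function Test-PublisherSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ClaimedPublisher = 'Adobe Systems Incorporated',  # assumption: name as on the fake cert
        [string] $ExpectedIssuer   = 'VeriSign'                     # assumption: CA the real publisher uses
    )
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate
    $findings = @()

    if (-not $cert) {
        # Unsigned or unparsable: not the article's case, but worth reporting on a sweep
        return [pscustomobject]@{ Path = $Path; Status = $sig.Status; Subject = $null
                                  Issuer = $null; Suspicious = $false; Findings = @('no signer certificate') }
    }

    $claimsPublisher = $cert.Subject -like "*CN=$ClaimedPublisher*"

    # Tell 1: subject names the publisher, but the chain does not validate (e.g. NotTrusted root)
    if ($claimsPublisher -and $sig.Status -ne 'Valid') {
        $findings += "claims '$ClaimedPublisher' but status is $($sig.Status): $($sig.StatusMessage)"
    }
    # Tell 2: subject names the publisher, but the issuing CA is not the one that publisher uses
    if ($claimsPublisher -and $cert.Issuer -notlike "*$ExpectedIssuer*") {
        $findings += "claims '$ClaimedPublisher' but issuer is '$($cert.Issuer)' (expected $ExpectedIssuer)"
    }

    [pscustomobject]@{
        Path       = $Path
        Status     = $sig.Status
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        Thumbprint = $cert.Thumbprint
        Suspicious = $findings.Count -gt 0
        Findings   = $findings
    }
}

# Usage: sweep a folder of downloaded executables and list only the suspicious ones
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter *.exe -Recurse -File |
    ForEach-Object { Test-PublisherSignature -Path $_.FullName } |
    Where-Object Suspicious |
    Format-List Path, Status, Subject, Issuer, Findings
```

A sample like the article's Word13.exe would trip both checks: the signer subject names Adobe, the status is not Valid because the root is untrusted, and the issuer is not VeriSign.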

Once it’s executed, the malware injects itself into iexplore.exe and notepad.exe and opens a backdoor to allow its master to take over the infected device.

The trojan is capable of stealing information, creating folders, capturing screenshots, emulating mouse functions, stealing Skype information, and creating, downloading, deleting, moving, and executing files.
