newsbot
22-06-2010, 12:58 AM
Jarno Niemelä from our lab did a study on malicious Windows binaries that have been signed (with Microsoft Authenticode (http://technet.microsoft.com/en-us/library/cc750035.aspx)).
Turns out, we have copies of tens of thousands of malware samples that have been signed.
Malware authors are attempting to use code signing techniques to their advantage.
http://www.f-secure.com/weblog/archives/signed.png (http://www.f-secure.com/weblog/archives/Jarno_Niemela_its_signed.pdf)
Details of this surprising find are presented in Jarno's presentation file, which can be downloaded from here (http://www.f-secure.com/weblog/archives/Jarno_Niemela_its_signed.pdf) (PDF). It was first presented in the CARO 2010 Technical Workshop in May 2010.
On 21/06/10 At 11:08 AM
**Hidden Content: Check the thread to see hidden data.**
Turns out, we have copies of tens of thousands of malware samples that have been signed.
Malware authors are attempting to use code signing techniques to their advantage.
http://www.f-secure.com/weblog/archives/signed.png (http://www.f-secure.com/weblog/archives/Jarno_Niemela_its_signed.pdf)
Details of this surprising find are presented in Jarno's presentation file, which can be downloaded from here (http://www.f-secure.com/weblog/archives/Jarno_Niemela_its_signed.pdf) (PDF). It was first presented in the CARO 2010 Technical Workshop in May 2010.
On 21/06/10 At 11:08 AM
**Hidden Content: Check the thread to see hidden data.**