Home » News » Great part of malware on VirusTotal had Comodo certificate

Great part of malware on VirusTotal had Comodo certificate

Comodo center of certification (known now as Sectigo) released the greatest number of certificates that were used for signing of the malware program samples, found on VirusTotal.

It discovered Chronicle specialists during the conducted research.

“Unfortunately, system of certificates is built on a problematic core tenet: Trust”, — argue Chronicle experts.

The chain of trust is relatively straight-forward: certificates are signed (issued) by trusted certificate authorities (CAs), which have the backing of a trusted parent CA. This inherited trust model is taken advantage of by malware authors who purchase certificates directly or via resellers. Whether purchased directly or indirectly, due diligence into customers appears to be lacking.

In the research, Chronicle employees deepen in the analysis of executables Windows files (PE) that were uploaded in popular service of files’ analysis VirusTotal.

Read also: Microsoft published list of dangerous legitimate applications

Next, experts highlighted signed malicious executables and broke them into two groups, with every of them using its own signature certificate.

Experts discovered that in 3815 studied malwares 1775 had Comodo certificate, 509Thawte, 261VeriSign, 131Symantec and 118DigiCert.

Collected data also showed that certificates from 21% of samples were recalled before May 8, 2019.

“All hope is not lost. Certificate authorities are actively revoking certificates from malware executables that are identified in the wild. This indicates that CAs do take their responsibilities seriously, though more diligence around buyers may help prior to the proverbial cat being out of the bag”, — argued Chronicle experts.

Experts highlighted that the only way to address using certificates in criminal purposes is their recalling.

READ  Despite the venerable age of 9 years, China Chopper backdoor is still effective

Source: https://medium.com/@chronicles

[Total: 0    Average: 0/5]

About Trojan Killer

Carry Trojan Killer Portable on your memory stick. Be sure that you’re able to help your PC resist any cyber threats wherever you go.

Check Also

Android 0-day Vulnerability

Another 0-day vulnerability discovered in Android

Participants in the Google project Zero Day Initiative (ZDI) published details of a 0-day vulnerability …

Android more expensive than iOS

Zerodium first rated exploits for Android more expensive than for iOS

The well-known vulnerability broker, Zerodium, has updated its price list, and now for the first …

Leave a Reply