Home » News » Great part of malware on VirusTotal had Comodo certificate

Great part of malware on VirusTotal had Comodo certificate

Comodo center of certification (known now as Sectigo) released the greatest number of certificates that were used for signing of the malware program samples, found on VirusTotal.

It discovered Chronicle specialists during the conducted research.

“Unfortunately, system of certificates is built on a problematic core tenet: Trust”, — argue Chronicle experts.

The chain of trust is relatively straight-forward: certificates are signed (issued) by trusted certificate authorities (CAs), which have the backing of a trusted parent CA. This inherited trust model is taken advantage of by malware authors who purchase certificates directly or via resellers. Whether purchased directly or indirectly, due diligence into customers appears to be lacking.

In the research, Chronicle employees deepen in the analysis of executables Windows files (PE) that were uploaded in popular service of files’ analysis VirusTotal.

Read also: Microsoft published list of dangerous legitimate applications

Next, experts highlighted signed malicious executables and broke them into two groups, with every of them using its own signature certificate.

Experts discovered that in 3815 studied malwares 1775 had Comodo certificate, 509Thawte, 261VeriSign, 131Symantec and 118DigiCert.

Collected data also showed that certificates from 21% of samples were recalled before May 8, 2019.

“All hope is not lost. Certificate authorities are actively revoking certificates from malware executables that are identified in the wild. This indicates that CAs do take their responsibilities seriously, though more diligence around buyers may help prior to the proverbial cat being out of the bag”, — argued Chronicle experts.

Experts highlighted that the only way to address using certificates in criminal purposes is their recalling.

READ  Experts told about Linux-variant of Winnti Trojan

Source: https://medium.com/@chronicles

[Total: 0    Average: 0/5]

About Trojan Killer

Carry Trojan Killer Portable on your memory stick. Be sure that you’re able to help your PC resist any cyber threats wherever you go.

Check Also

Trojan MonsterInstall

Sites with cheats for games distribute users to the load Trojan crypto miner

A new modular trojan downloader in JavaScript has appeared on the Internet. Currently, it can …

Oracle WebLogic Vulnerability

Oracle has released an urgent patch to eliminate critical vulnerabilities in WebLogic Server

The company said that an unknown group of cybercriminals in real attacks is already actively …

Leave a Reply