Realtek Digital Certificates Accompany Malware

Sunday, November 14, 2010



Lethic botnet malware is now being discovered with signed digital certificates from a Taiwanese company, Realtek Semiconductor Corp.

The certificates are similar to those that accompanied the Stuxnet virus that has been targeting SCADA systems for several months, most notably power facilities in Iran and India.

There is no evidence that Realtek is authorizing the use of the certificates, and researchers speculate that criminal cyber gangs responsible for the Lethic malware are simply using unverified forgeries.

By contrast, Stuxnet was accompanied by verified signed digital certificates.

Mike Geide of Zscaler, the security company that first noted the use of the Realtek certificates, is hopeful that the Lethic forgeries will lead to the identification of the parties responsible for the spam-distributing botnet.

"While this is not a digital signature - it is still identifying info that may be able to tie certain malware samples to the same author / group / or binary builder," Geide wrote.

The presence of verified and unverified signed digital certificates is alarming, as it undermines confidence in systems designed to prevent the spread of malicious code.


The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.