Welcome to cissp CISSP training Certified Information Systems Security Professional
Search
Nickname Password Security Code Security Code Type Security Code  

You are certified but are your qualified? Become qualified today.

Rated #1 Training

Library of Documents

Forum Postings

CISSP's Blogs

Recommended Podcasts

MISC Menu

Security Books

Surveys

Where do you find the best price for books?

Amazon.Com
Bookpool.Com
The ISC2 webstore
CISSPS.COM
Cheapbooks.com
Ecampus.com
Other (Please leave a comment with name of site)



Results
Polls

Votes: 1436
Comments: 33

Top10 Links

Top10 Downloads

Who's Online

There are currently, 76 guest(s) and 13 member(s) that are online.

You are Anonymous user. You can register for free by clicking here

Training Classes Calendar

Test of Widget

 

Viruses and Digital Signatures
Posted on Saturday, 06 March 2010 @ 07:29:21 EST
Contributed by cdupuis | Topic: Virus

Recently, Symantec received some malicious files which appeared to be signed by “Adobe Systems Incorporated”. On closer inspection, however, it was seen that the signature was just a ruse used by the malware author to give an air of legitimacy to the files. Virus writers are getting smarter and going that extra mile to digitally sign their files. Using this technique the malware authors could, for example, penetrate an environment where only signed files are allowed but the authenticity of the signature is not checked.
 
Although the files are signed, they are signed using an unauthenticated CA (Certificate Authority) which is masquerading as Verisign. A CA is a trusted third party that issues and signs the certificate and vouches for the authenticity of the file. Each CA should be registered and therefore recognized globally as a trusted signer. The signature on the certificate is verified by the signer’s public key.
 
What the malware authors have tried here is to create their own CA and attempt to use it to sign these malicious files. They chose a misleading name for their CA, namely "Verisign", but their private key used for signing will obviously be different from the authentic Verisign CA key. Therefore this renders their CA untrustworthy so that, while the file still has a valid signature, it is not from the real Verisign CA.
 
Also, although the file is correctly signed by a company called "Adobe Systems Incorporated," that company has been certified by their fake Verisign CA and therefore has no meaning or relation to the real "Adobe Systems Incorporated."
 
Shown below are the real and fake Verisign CA signed files. On the left you can see that the certificate chain is not trusted all the way to the root where as on the right side (a real Adobe file) the certification chain is trusted up to the root.
 
 

 

certificates.jpg

path.jpg

On Windows machines with User Access Control enabled, a warning similar to the one shown below will be displayed (warning that the publisher is unknown).
 
 

warning_1a.jpg

 
So, in a nutshell, creating “authentic-looking” certificates to make malicious files look legitimate is a trick which virus writers are employing to challenge today’s sophisticated security mechanisms. We have written about certificates being abused previously. The following blog article has more information: Phishing Toolkits Attacks are Abusing SSL Certificates
 
So, play safe, and check the authenticity of the signature whenever one is present.

See original article on the Symantec Blog at:  http://www.symantec.com/connect/blogs/viruses-and-digital-signatures

Login

Nickname

Password

Security Code:
Security Code
Type Security Code

Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Related Links

Article Rating

Average Score: 0
Votes: 0

Please take a second and vote for this article:

Excellent
Very Good
Good
Regular
Bad

Options

"Viruses and Digital Signatures" | Login/Create an Account | 11 comments | Search Discussion
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

0102 (Score: 1)
by abcd0102 on Monday, 26 April 2010 @ 21:38:18 EDT
(User Info | Send a Message)

The newest version of air max [www.sellairmax.com] are available now.Welcome to see our special air max 90 [www.sellairmax.com] and Air Max 360.They are your must-have cheap air max [www.sellairmax.com]. nike air max 2009 [www.sellairmax.com]. air max 2010 [www.sellairmax.com]. air max 97 [www.sellairmax.com].




Re: Viruses and Digital Signatures (Score: 1)
by ameral3zab on Thursday, 13 May 2010 @ 00:29:55 EDT
(User Info | Send a Message)

 thank u my daer
Very interesting post, I will be checking into this website again

<a href=" http://qtryat.com/vb/ [qtryat.com]" title="منتديات">منتديات</a>
<a href=" http://qtryat.com/vb [qtryat.com]" title="قطر">قطر</a>
<a href=" http://qtryat.com/vb/index.php [qtryat.com]" title="منتديات">منتديات</a>
<a href=" http://qtryat.com/vb [qtryat.com]" title="qatar">qatar</a>
<a href=" http://qtryat.com/vb [qtryat.com]" title="qtr">qtr</a>
<a href=" http://qtryat.com/vb/ [qtryat.com]" title="qtryat">girls qtryat</a>
<a href=" http://qtryat.com/vb/ [qtryat.com]" title="girls qtryat">qtryat</a>
<a href=" http://qtryat.com/vb [qtryat.com]" title="بنات">بنات</a>
<a href=" http://qtryat.com/vb [qtryat.com]" title="قطريات">قطريات</a>
<a href=" http://qtryat.com/vb/ [qtryat.com]" title="بنات قطر">بنات قطر</a>
<a href=" http://qtryat.com/vb/ [qtryat.com]" title="بنات قطريات">بنات قطريات</a>
<a href=" http://web.msryat.org/ [web.msryat.org]" title="دليل مواقع">دليل مواقع</a>
<a href=" http://msryat.org/ [msryat.org]" title="شات">شات</a>
<a href=" http://dolls-games.msryat.org/ [dolls-games.msryat.org]" title="العاب دولز">العاب دولز</a>
<a href=" http://dolls-games.msryat.org/ [dolls-games.msryat.org]" title="العاب">العاب</a>
<a href=" http://games.msryat.org/ [games.msryat.org]" title="العاب">العاب</a>
<a href=" http://forums.msryat.org [forums.msryat.org]" title="بنات مصر">بنات مصر</a>
<a href=" http://qtryat.com/vb/showthread.php?t=28944 [qtryat.com]" title="خريطة قطر">خريطة قطر</a>
<a href=" http://qtryat.com/vb/showthread.php?t=18723 [qtryat.com]" title="حظك اليوم">حظك اليوم</a>
<a href=" http://qtryat.com/vb/showthread.php?t=25514 [qtryat.com]" title="طيور الجنة">طيور الجن&#15

Read the rest of this comment...




Re: Viruses and Digital Signatures (Score: 1)
by yanrikun on Wednesday, 05 May 2010 @ 02:21:52 EDT
(User Info | Send a Message)

Never owned a bag in snakeskin before? Here is the perfect opportunity to join the cutting edge style. Some bags and accessories to try and snake skin, but below, the fabric is too light or artificial. Gucci Handbags [www.ebags-replicas.com] A quickarrest in May for the logo incorrect spacing shifted to theOutside, typographical errors or smudginess lightly. When you watch a monogram Gucci bag, the "Gshould all be the same proportion. ?Examine the seams. A bright watches is a great idea to liven up a dreary weather day and will ensure that all eyes are on you. Using watches with warm colors in the fall and the winter will brighten up and add pizzazz to any man��s winter ensemble. Cartier replica Watches [www.ereplicawatches.net] The description carry all originated in the 40s signifying its used as a shopper. These bags are perfect to hold all your necessary items as books, beachwear and others. Totes will eventually find their presence in boardrooms, boardwalks and beaches. Ladies MOP Diamond Dial Rolex Super President Among different models of Ladies watch, this model has also been quite popular. Its Italian made 18k yellow gold President bracelet, embedded with 232 diamonds, appears bold and powerful. Cheap Sunglasses [www.sunglassestrade.com] Accessories can make an extraordinary woman. But a silk watches for women ´swas not merely theaccessory, it is the voice of your very special status. Welcome to the world of brand watches. You delicate life begins here. Later, adding to its popularity, the new sapphire crystal was introduced, giving scratch resistance and waterproof security to the Datejust model.Now, it has become easier to own a masterpiece like Mens Rolex Datejust. Prada Handbags [www.ebags-replicas.com] What war worn in World Is Not Enough was Omega Seamaster Professional Chronometer, which could changed into hook. From then on, since people can only memorize short-term things and marketing done by watch producers, Omega Seamaster has replaced Rolex Submariner and become Bonds typical watch. Somewhere during that time, the benefits of having a logo and brand name to distinguish a product from its competitors was just being discovered, and Wilsdorf capitalized on this opportunity. Louis Vuitton Sunglasses> [www.sunglassestrade.com] For those who do not wear a long-term mechanical watches, should also have regular winding to make it machine-chip rotation. The Big Bang Purple Carat, Blue Carat and Orange Carat are making their debuts in both 18k red gold and black ceramic versions. Slightly smaller than the original Big Bang case diameter of 44.5mm, the "Carat" has 41mm case and a polished bezel set with topaz, amethysts or sapphires. Rolex replica Watches [www.ereplicawatches.net] Soon after AP released the Royal Oak City of Sails Chronograph to mark the success of Team Alinghi. Since then AP has also become involved in formula one racing and in 2004 honored juan pablo montoya with a limited edition piece followed in 2006 with a watch honoring Rueben Barrichello. In 1969, see the first power of quartz was available on the market. Quartz has special properties so when it is in the form ofa certain way and subject to an electric field, it bends. When the field is removed the crystal generates an electric field of its own because it returns to its original form. Replica Sunglasses [www.sunglassestrade.com] They also feature unique design which suits the needs of the athletes. Diving wa

Read the rest of this comment...




Re: Viruses and Digital Signatures (Score: 1)
by ameral3zab on Monday, 17 May 2010 @ 01:57:57 EDT
(User Info | Send a Message)

  العاب [www.1tesh.com] العاب طبخ [www.1tesh.com] برامج [soft.1tesh.com] يوتيوب [video.1tesh.com] توبيكات [topics.1tesh.com] صور [pic.1tesh.com] دليل [links.1tesh.com] بث مباشر [tv.1tesh.com] العاب باربي [www.1tesh.com] العاب سيارات [www.1tesh.com] العاب تلبيس [www.1tesh.com] العاب بنات [www.1tesh.com] منتديات [www.1tesh.com] عالم حواء [www.1tesh.com] العاب اطفال [www.1tesh.com] العاب اكشن [www.1tesh.com] العاب مكياج [www.1tesh.com] العاب حرب [www.1tesh.com] العاب قص الشعر [www.1tesh.com] العاب دراجات [www.1tesh.com] العاب مضحكة [www.1tesh.com] العاب صور [www.1tesh.com] العاب براتز [www.1tesh.com] العاب ديكور [www.1tesh.com] العاب تلوين [www.1tesh.com] العاب ماريو [www.1tesh.com] العا&#15

Read the rest of this comment...




rolex (Score: 1)
by lifuli on Wednesday, 02 June 2010 @ 03:34:00 EDT
(User Info | Send a Message)

cynicism As tag heuer [www.watchesview.com] we've replica watches [www.watchesview.com] discussed at length breitling [www.watchesview.com] in posts fake rolex [www.watchesview.com] on both RS fake watches [www.watchesview.com] and E+, it breitling watches [www.watchesview.com] takes a lot of people Feel cartier watches [www.watchesview.com] free to patek philippe [www.watchesview.com] join at omega watches [www.watchesview.com] whatever amount cartier [www.watchesview.com] is comfortable. rolex [www.watchesview.com] It’s not about the dollar amount




watches (Score: 1)
by lifuli on Wednesday, 02 June 2010 @ 03:38:11 EDT
(User Info | Send a Message)

to keep everything breitling [www.replicame.com] we do breitling watches [www.replicame.com] in motion hublot [www.replicame.com] And it's bvlgari [www.replicame.com] all held panerai [www.replicame.com] together by rado [www.replicame.com] a small professional vacheron constantin [www.replicame.com] staff that longines [www.replicame.com] needs to pay patek philippe [www.replicame.com] the rent manifesting. replica watches [www.replicame.com] Our goal fake watches [www.replicame.com] is no less omega watches [www.replicame.com] than the replica rolex [www.replicame.com] evolutionary transformation tag heuer [www.replicame.com] of humanity that comes




Re: Viruses and Digital Signatures (Score: 1)
by lifuli on Wednesday, 02 June 2010 @ 22:25:59 EDT
(User Info | Send a Message)

have helped tag heuer [www.watchesview.com] to kick start replica watches [www.watchesview.com] a social movement. breitling [www.watchesview.com] So many fake rolex [www.watchesview.com] people have fake watches [www.watchesview.com] given so much breitling watches [www.watchesview.com] of themselves cartier watches [www.watchesview.com] to make patek philippe [www.watchesview.com] Evolver omega watches [www.watchesview.com] possible it cartier [www.watchesview.com] continues to blow me rolex [www.watchesview.com] away.




Re: Viruses and Digital Signatures (Score: 1)
by lifuli on Wednesday, 02 June 2010 @ 22:32:44 EDT
(User Info | Send a Message)

That dedication breitling [www.replicame.com] extends to the breitling watches [www.replicame.com] staff, who hublot [www.replicame.com] stretch themselves bvlgari [www.replicame.com] in remarkable panerai [www.replicame.com] ways to help rado [www.replicame.com] achieve our vacheron constantin [www.replicame.com] shared vision of longines [www.replicame.com] the change that patek philippe [www.replicame.com] is manifesting Our replica watches [www.replicame.com] goal is no fake watches [www.replicame.com] less than the omega watches [www.replicame.com] evolutionary transformation replica rolex [www.replicame.com] the magical aspects tag heuer [www.replicame.com] of life and cultivates a visceral




Re: Viruses and Digital Signatures (Score: 1)
by loay1988 on Wednesday, 21 July 2010 @ 16:01:28 EDT
(User Info | Send a Message)

يوتيوب [www.o2o1.com] يوتيوب حركات [www.o2o1.com] باب الحارة 5 [www.o2o1.com] باب الحارة الجزء الخامس [www.o2o1.com] عرب يو [www.arbyou.com] استضافة [www.a7la3lm.com] دليل مواقع [www.o2o1.com] العاب فلاش [www.games.o2o1.com] العاب [www.games.o2o1.com] العاب حركات [www.games.o2o1.com] منتديات حركات [www.o2o1.com] عرب تيوب [www.3rbtube.com] يوتيوب [www.o2o1.com] يوتيوب السعودية [www.tubeksa.com] سعودي تيوب [www.tubeksa.com] مسلسل ازواج الحاجة زهرة [www.o2o1.com] مسلسل ليلة عيد [www.o2o1.com] خواطر 6 [www.o2o1.com] مسلسل بيني وبينك 4 [www.o2o1.com] مسلسل عايزة اتجوز [www.o2o1.com] مسلسل طاش 17 [www.o2o1.com] يوتيوب نسائي [www.o2o1.com] شات [www.o2o1.com] شات حركات [www.o2o1.com] يوتيوب رياضة - مصارعة - كورة [www.o2o1.com] يوتيوب حوادث [www.o2o1.com] يوتيوب مسلسلات [www.o2o1.com] طيور الجنة [www.o2o1.com] العاب شمس [flash.o2u1.com]




Re: Viruses and Digital Signatures (Score: 1)
by loay1988 on Wednesday, 21 July 2010 @ 16:01:57 EDT
(User Info | Send a Message)

مسلسلات رمضان 2010 [video.o2u1.com] حلقات مسلسل طاش ما طاش 17 [video.o2u1.com] حلقات مسلسل زواره الخميس [video.o2u1.com] حلقات مسلسل صبايا الجزء 2 [video.o2u1.com] حلقات مسلسل بيني وبينك 4 [video.o2u1.com] حلقات مسلسل باب الحارة الجزء الخامس [video.o2u1.com] حلقات مسلسل انا القدس [video.o2u1.com] حلقات مسلسل اهل الراية 2 [video.o2u1.com] حلقات مسلسل ازواج الحاجة زهرة [video.o2u1.com] حلقات مسلسل العار [video.o2u1.com] حلقات مسلسل مرايا 2010 [video.o2u1.com] حلقات مسلسل ليلة عيد [video.o2u1.com] حلقات مسلسل ملك التاكسي [video.o2u1.com]




replica watches (Score: 1)
by replicahandbag on Friday, 23 July 2010 @ 21:48:50 EDT
(User Info | Send a Message)

I have done quite paul smith handbags [www.mylacebags.com]a lot of reading on various Android prada replica [www.mylacebags.com]forums but would like clarification replica handbags [www.mylacebags.com] from former BB users who switched Juicy Corture handbags [www.marisabags.com] to a Droid phone. I understand I dolce and gabbana handbags [www.marisabags.com] will need to use Google for my celine handbags [www.marisabags.com]contacts and calendar. coach replica handbags [www.thelacebags.com]I am not really interested in designer handbags [www.thelacebags.com]syncing it with my Outlook designer replica handbags [www.thetotebag4u.com] so that is OK. I can make that switch bally replica handbags [www.thetotebag4u.com]. With the aim to learn how Glashutte replica [www.poperwatches.com]to lose fat fast chest, you need DeWitt replica [www.poperwatches.com] two practical things: nailing the target Bvlgari replica [www.poperwatches.com] zone with fatty breast exercises, then burn Montblanc for sale [www.qualityfirstwatch.com]the fat of the breast, cardiovascular exercises Glashutte for sale [www.qualityfirstwatch.com]. These two factors are the fastest oris for sale [www.standardwatch.com]way to turn away from the chest fat for good strip replica Jaquet droz [www.standardwatch.com]that fat.If you want to lose fat fast . designer watches [www.thefirstwatches.com]chest, you must work with the cardiovascular exercises such Panerai watches [www.thefirstwatches.com] as walking.




All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2007 by CCCure.Org, and the site maintainers Clement Dupuis and Nathalie Lambert. Reuse is strictly prohibited without written permission of CCCure.Org or it's maintainers.

This web site is not associated directly or indirectly with ISC2, the SANS Institute, ISACA, or other certification authority. The GCFW, CISSP, SSCP, ISSEP, ISSMP, CISA, and CISM are all the property of their respecful owners. The content of this site is provided to you freely due to the generosity of our sponsors.


  • Career
  • Magazines
  • Conferences
  • Study Books
  • Certifications
  • Training
  • Tutorials
  • Quizzes
  • Forums

    • Page Generation: 1.29 Seconds