- Mar 15, 2011
A recently identified ZeuS trojan sample is digitally signed with a fake certificate whose purpose is to make the piece of malware harder to detect.
According to the security experts from Avira who discovered the sample, the digital certificate is signed by an entity called "DetectMe" and dates from the end of February.
"We see hints like these regularly – malware authors proposing names for their malicious creations or suggesting a place where a signature based detection would be suitable. Of course, such hints are ignored by us for detection [...]," the Avira researchers note.
Although the ability to digitally sign code has been around since Windows NT, the practice only saw wider adoption starting with Vista, where the difference between signed and unsigned executables is clearly noticeable in UAC (User Account Control) alerts.