<<<
Monday, June 21, 2010
>>>
 
It's signed, therefore it's clean, right? Posted by Mikko @ 11:08 GMT

Jarno Niemelš from our lab did a study on malicious Windows binaries that have been signed (with Microsoft Authenticode).

Turns out, we have copies of tens of thousands of malware samples that have been signed.

Malware authors are attempting to use code signing techniques to their advantage.

signed

Details of this surprising find are presented in Jarno's presentation file, which can be downloaded from here (PDF). It was first presented in the CARO 2010 Technical Workshop in May 2010.






<<< XSS
|
"Hacked By Turkish Hackers"? >>>