(LiveHacking.Com) – A certificate stolen from the Malaysian Agricultural Research and Development Institute, which was taken “quite some time ago”, has turned up as the digital signature used on a piece of malware known as Trojan-Downloader:W32/Agent.DTIW.
The malware, which spreads via malicious PDF files that install it after exploiting holes in Adobe Reader 8, downloads additional malicious components from a server called worldnewsmagazines.org.
By using a private signing certificate that belongs to the Malaysian government, the malware is able to bypass the warnings Windows issues about untrusted software.
According to F-Secure, who discovered the malware signed with the stolen certificate:
It’s not that common to find a signed copy of malware. It’s even rarer that it’s signed with an official key belonging to a government.
The use of digital certificates and the role of Certificate Authorities (CAs) continues to be a hot topic following several well-publicized security breaches (DigiNotar and Comodo) and the subsequent revoking of fraudulently issued certificates.
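A valid Authenticode signature only shows that the chain verified at scan time; a stolen certificate that has not yet been revoked still verifies, which is exactly what let this malware past the Windows warnings. The following defender-side audit script is an added example, not code from the article or from F-Secure: it lists signed executables and flags any whose signer thumbprint appears on a locally maintained list of known-compromised certificates. The thumbprint value and the scanned directory are placeholders/assumptions.

```powershell
# Added example (not from the article): audit signed executables and flag
# signers that are on a locally maintained list of known-compromised
# certificate thumbprints. The value below is a constructed placeholder;
# a real list would come from vendor advisories or CA revocation notices.
$CompromisedThumbprints = @(
    'PLACEHOLDER-THUMBPRINT-OF-STOLEN-CERT'   # constructed placeholder, not a real thumbprint
)

function Test-SuspiciousSignature {
    param([Parameter(Mandatory)][string]$Path)

    # Get-AuthenticodeSignature builds and checks the chain (including
    # revocation where CRL/OCSP data is reachable) and reports a Status.
    $sig   = Get-AuthenticodeSignature -FilePath $Path
    $cert  = $sig.SignerCertificate
    $thumb = if ($cert) { $cert.Thumbprint } else { $null }

    [pscustomobject]@{
        Path       = $Path
        Status     = $sig.Status            # Valid, NotSigned, HashMismatch, UnknownError, ...
        Signer     = if ($cert) { $cert.Subject } else { '(unsigned)' }
        Thumbprint = $thumb
        # "Valid" only means the chain verified now; a stolen but not-yet-revoked
        # certificate still yields Valid, so the local compromise list is checked too.
        Flagged    = [bool]($thumb -and ($CompromisedThumbprints -contains $thumb))
    }
}

# Scan a directory of downloaded binaries (the path is an assumption).
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Include *.exe,*.dll -Recurse |
    ForEach-Object { Test-SuspiciousSignature -Path $_.FullName } |
    Where-Object { $_.Flagged -or $_.Status -ne 'Valid' } |
    Format-Table -AutoSize
```

Files that are flagged, or whose status is anything other than Valid, are the ones to review; once a CA publishes a revocation for the stolen certificate, the Status column alone will also start reporting it.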