Free Republic
General/Chat

Duqu 2.0 malware buried into Windows PCs using stolen Foxconn certs (Signed by Chinese factory)
The Register ^ | June 15, 2015 | John Leyden

Posted on 06/15/2015 8:24:50 PM PDT by dayglored

The super-sophisticated malware that infiltrated Kaspersky Labs is more crafty than first imagined.

We're told that the Duqu 2.0 software nasty was signed using legit digital certificates issued to Foxconn – a world-leading Chinese electronics manufacturer, whose customers include Microsoft, Dell, Google, BlackBerry, Amazon, Apple, and Sony. The code-signing was uncovered by researchers at Kaspersky Lab, who are studying their Duqu 2.0 infection.

Windows trusts Foxconn-signed code because the Chinese goliath's certificate was issued by VeriSign, which is a trusted certificate root. Thus, the operating system will happily load and run the Foxconn-signed Duqu 2.0's 64-bit kernel-level driver without setting off any alarms. And that would allow the malware to get complete control over the infected machine.

Kaspersky Lab experts reckon Duqu's masterminds have been able to snatch copies of the private keys to various code-signing certificates, using a different one in each attack on an organization. The Foxconn certificate used in this instance was most likely stolen.

The Russian security firm said the Foxconn certificate leak undermines the use of digital certificates as a reliable tool for validating computer code: the whole point of them is to prove that software has not been tampered with, and was built by the vendor signing the executable.

...

As previously reported, Duqu 2.0 exploits up to three zero-day vulnerabilities, marking it out as sophisticated and likely the work of an intelligence agency – Israel's spies are suspected. Duqu 2.0 resides solely in the computer’s memory, with no data written to disk....

(Excerpt) Read more at theregister.co.uk ...


TOPICS: Business/Economy; Computers/Internet; Hobbies
KEYWORDS: 201506; amazon; apple; blackberry; china; computers; computing; dell; duqu; duqu2; duqu20; foxconn; google; hacker; internet; israel; joooooooooooooooooos; kaspersky; kasperskylabs; malware; microsoft; russia; sony; tech; verisign; virus; windows; windowspinglist
To: __rvx86

>or purchase from an independent system integrator...

I am amazed there are any of those left.


41 posted on 02/28/2021 2:59:53 AM PST by FreedomPoster (Islam delenda est)

To: The Free Engineer

Yeah, I wonder about things like my Bluetooth keyboard.


42 posted on 02/28/2021 3:04:15 AM PST by FreedomPoster (Islam delenda est)

To: dayglored

Yes, it’s da Jooooooooooz.

/sarc


43 posted on 02/28/2021 3:09:44 AM PST by Tolerance Sucks Rocks (GOP-free since 10/9/20)

To: dayglored

America first. American internet first - freeze out scammers.


44 posted on 02/28/2021 10:05:07 AM PST by GOPJ (Was Jussie Smollett working for "Homeland Security" when he faked his hate crimes?)


