Zeus Grabbing Kaspersky’s Digital Signatures

Trend Micro threat researchers have reported detecting several malicious web files that carry a strange digital signature which looks as if it came from antivirus company Kaspersky.
Analysis of the files and their signatures showed a clear difference between the legitimate signature and the fake one: the fake copy includes wrong hash values, and the signature has expired.
That is not all. On examination, the web files were identified as malicious ZeuS (ZBOT) variants, detected as TSPY_ZBOT.BWP, TROJ_ZBOT.BYM, and TROJ_ZBOT.KJT.
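
The two tells described above, a hash that does not match and an expired signer certificate, can be checked on a Windows host with the built-in `Get-AuthenticodeSignature` cmdlet. The following is an added example, not code from Trend Micro or from the original post. It assumes the samples are Authenticode-signed Windows files; `Get-SignatureTriage` is a hypothetical helper name and `C:\Quarantine` is a placeholder path.

```powershell
# Added example (not from the original post). Get-SignatureTriage is a
# hypothetical helper name; Get-AuthenticodeSignature is the built-in cmdlet.
function Get-SignatureTriage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string]$Path
    )
    process {
        $sig  = Get-AuthenticodeSignature -LiteralPath $Path
        $cert = $sig.SignerCertificate

        # An expired signer certificate is only acceptable when a timestamp
        # shows the file was signed while the certificate was still valid.
        $expired     = ($null -ne $cert) -and ($cert.NotAfter -lt (Get-Date))
        $timestamped = $null -ne $sig.TimeStamperCertificate

        # HashMismatch is what a signature block copied from another file
        # produces: the signed digest does not match this file's contents.
        $verdict = switch ($sig.Status) {
            'HashMismatch' { 'SUSPICIOUS: signature does not cover this file'; break }
            'NotSigned'    { 'unsigned'; break }
            'Valid'        { 'valid'; break }
            default        { "review: $($sig.Status)" }
        }
        if ($expired -and -not $timestamped -and $sig.Status -ne 'NotSigned') {
            $verdict += '; signer certificate expired, no timestamp'
        }

        [pscustomobject]@{
            Path        = $Path
            Status      = $sig.Status
            Signer      = if ($cert) { $cert.Subject } else { $null }
            NotAfter    = if ($cert) { $cert.NotAfter } else { $null }
            Timestamped = $timestamped
            Verdict     = $verdict
        }
    }
}

# Usage (placeholder folder): list every file that is not cleanly signed.
# Get-ChildItem -LiteralPath 'C:\Quarantine' -File |
#     Get-SignatureTriage | Where-Object Verdict -ne 'valid'
```

A file whose `Signer` names a well-known vendor while `Status` is `HashMismatch` matches the pattern reported here: the signer name alone proves nothing unless the signature verifies against the file.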

This is not the first time criminals have used certificates to sign their web malware. In another case, the STUXNET malware was also signed with a certificate from Realtek Semiconductors Corp., which was later changed to JMicron Technology.

Trend Micro has now notified Kaspersky Lab about this incident. You can read more about Zeus here.


Sports Energy

I like this blog.
Thanks for sharing this information.