Monday, June 21, 2010 1:15 PM cmosby

It's Signed, therefore it's Clean, right? – F-Secure Weblog

It's Signed, therefore it's Clean, right? Posted by Mikko @ 11:08 GMT | Comments

Jarno Niemelä from our lab did a study on malicious Windows binaries that have been signed (with Microsoft Authenticode).

Turns out, we have copies of tens of thousands of malware samples that have been signed.

Malware authors are attempting to use code signing techniques to their advantage.

signed

Details of this surprising find are presented in Jarno's presentation file, which can be downloaded from here (PDF). It was first presented in the CARO 2010 Technical Workshop in May 2010.

Filed under: ,

Comments

No Comments