Can you trust signed code? No, you can't!

A common misconception is that if a piece of code, such as an application, has been signed, it’s clean and safe to install. Wrong!

According to Jarno Niemelä of F-Secure, there are literally tens of thousands of instances of malware in the wild that are signed.

How does this happen? There are plenty of ways to get a certificate into malware:

  • Copying certificate information from clean files
  • Self-signed certs with a fake name
  • MD5 forgery
  • Get certified and be evil
  • Get certificate with misleading name
  • Find someone to sign your stuff for you
  • Steal a certificate
  • Infect a developer's system and get signed with the software release

Bottom line, the certificate is worth the paper it’s printed on, so be careful what you go and install! It’s a jungle out there!

PDF of the report can be found here.


Author: Adrian Kingsley-Hughes

Original Article: HERE

This article was published on Wednesday 30 June, 2010.