Signed trojans
Sep 30th, 2012 by Jesper Kråkhede
Interestingly enough, signed code and signed websites have been regarded as fairly safe to use for the common user. Whenever the green bar is visible, assuming that the page is valid has always been a safe bet. However, in South America a certificate issuer was hacked, and a few pieces of malware were signed and released in the wild. With the hack in the Netherlands fresh in memory, one has to start questioning whether signing of code is really the way forward when even the sources of certificates can't protect themselves. Microsoft also had a problem with certificates, which was used in the malware attacking Iran.
Moving forward, I would suggest that, on high-security machines, you remove all certificate chains except those you have to rely on. This would make ordinary usage of the computer problematic, but in a high-security context it would be mandatory, as attacks using signed code will target those environments.
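
One way to audit a trust store against an allowlist of root fingerprints before removing anything, as suggested above (an added example, not code from the original post). The function names, the PEM-bundle input and the sample bytes are assumptions constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)

def sha256_hex(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()

def normalize(fp: str) -> str:
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex and return lowercase hex."""
    return re.sub(r"[^0-9a-f]", "", fp.lower())

def fingerprints(pem_bundle: str) -> list:
    """SHA-256 over the decoded (DER) bytes of each certificate in a PEM bundle."""
    return [sha256_hex(base64.b64decode("".join(body.split()), validate=True))
            for body in PEM_RE.findall(pem_bundle)]

def audit(pem_bundle: str, allowlist) -> dict:
    """Split installed roots into keep/remove; list allowlisted roots not installed."""
    allowed = {normalize(fp) for fp in allowlist}
    present = fingerprints(pem_bundle)
    return {
        "keep": [fp for fp in present if fp in allowed],
        "remove": [fp for fp in present if fp not in allowed],
        # A required root that is absent would break the chains you rely on.
        "missing": sorted(allowed - set(present)),
    }

def to_pem(der: bytes) -> str:
    return ("-----BEGIN CERTIFICATE-----\n"
            + base64.encodebytes(der).decode("ascii")
            + "-----END CERTIFICATE-----\n")

# Constructed stand-in bytes, not real X.509 certificates: a fingerprint is a
# hash over the encoded bytes, so the audit logic is the same for real roots.
ROOT_A, ROOT_B, ROOT_C, ROOT_D = (
    b"constructed root " + n for n in (b"A", b"B", b"C", b"D"))
SAMPLE_BUNDLE = to_pem(ROOT_A) + to_pem(ROOT_B) + to_pem(ROOT_C)
# Allowlist as an administrator might paste it: colon-separated upper case
# for A, plus D, which is required but not installed.
SAMPLE_ALLOWLIST = [":".join(re.findall("..", sha256_hex(ROOT_A))).upper(),
                    sha256_hex(ROOT_D)]

if __name__ == "__main__":
    for verdict, fps in audit(SAMPLE_BUNDLE, SAMPLE_ALLOWLIST).items():
        for fp in fps:
            print(verdict, fp)
```

Reviewing the "remove" and "missing" lists before touching the store shows in advance which ordinary usage will stop working.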