Family of Malware Returns

During the holiday season, it isn’t unusual to have visits with family members you haven’t seen for a while. You may not especially like all of these relatives, but at this time of the year, it just wouldn’t seem like the holidays without some rogue family members darkening our doorstep.

SlideShow: The Most Significant Cyber Attacks of 2013

Or our computer network. According to Microsoft, a family of rogue antivirus malware has reappeared, this time using digital certificates as a disguise to make its attack. As a SecurityWeek article pointed out:

During the past month, a rogue antivirus program known as ‘Antivirus Security Pro’ (detected as Rogue:Win32/Winwebsec) has stepped up and adopted the tactic in a big way, as Microsoft speculates that the dozen or so certificates it has seen being used may just be the tip of the iceberg if there are other variants are out there.

The developers of the malware used some pretty well-known digital certificates, like Verisign. The end goal is to steal passwords and other sensitive information from the users who unknowingly download the malware.

That isn’t the only malware family to worry about this Christmas. Several malware families are working together, according to Softpedia:

The latest versions of the Trojan known as Fareit are capable of stealing not only passwords, but also digital certificates. Once it infects a computer, the threat downloads Sirefef and signed copies of Winwebsec. In turn, Winwebsec retrieves digitally signed copies of the threat called Ursnif.

Why turn to digital certificates as a way to spread malware? Jeff Hudson, Venafi CEO, told me in an email that cybercriminals have quickly learned that the best way to breach networks and get their hands on sensitive data and intellectual property is to make themselves appear as trusted entities within the environments and networks they infiltrate. This latest attack, he said, is just a new feather in the bad guys’ cap. Hudson explained:

Trust-based attacks that leverage stolen, spoofed or compromised certificates and cryptographic keys are symptomatic of an overlying problem that plagues every organization around the globe. Certificates and keys are foundational components for digital security and trust, and used nearly ubiquitously to sign code and malware, secure VPNs, authenticate systems, applications and clouds as well as mobile devices. They’re really the perfect attack vector and expose all networks to vulnerabilities from advanced, targeted attacks. Digital keys and certificates are the Internet equivalent of gold and we will continue to see the headlines riddled with similar attacks in the years to come because of the simple truth that we are losing the battle to identify and secure these incredibly valuable trust instruments that allow users to seamlessly infiltrate even the most secure security investments.

When they aren’t properly protected, Hudson added, digital certificates, which are used for their security, are vulnerable to an attack. The solution? A multi-layered security solution that includes proper control of keys and certificates.

This is one family you don’t want showing up to ruin your holiday!