Malware with valid certificate on 64-bit Windows version detected
Chinese criminals have developed malware for 64-bit Windows systems that is signed with a valid code-signing certificate. This is what security company Kaspersky has discovered after an investigation that began in 2011. The malware is said to focus primarily on game developers.
Kaspersky began its research in the fall of 2011 after gamers were infected through an update of a popular game. Initially the software developer was suspected, but the researchers quickly discovered that the malware was being used against the developer.
According to the security company, the discovery is remarkable because it is the first time that malware for a 64-bit version of Windows with a valid signature has been used. The malware consists of a DLL that is suitable for 64-bit Windows. At the request of Kaspersky, VeriSign quickly revoked the code-signing certificate.
Winnti, as the Chinese hacker group is called, is said to have used more valid certificates in attacks. In this way they tried to put virtual money into games and steal the source code of online games.