[cryptography] Digitally-signed malware
marsh at extendedsubset.com
Wed Jun 22 11:04:56 EDT 2011
On 06/22/2011 09:40 AM, Steven Bellovin wrote:
> Not surprising to most readers of this list, I suspect...

The interesting thing is that code signing schemes have been around for
decades but 2010 is the first time malware even bothered to steal
signing keys. :-)

What happens if the bad guy just strips the signature? What are the
circumstances under which an OS or user+OS will refuse to run code that
just isn't signed at all?

64-bit drivers for Windows Vista and later. Some locked down "walled
garden" environments, almost always jail-breakable in practice.

When does the name of the party that signed it actually matter?
What if the bad guy signs the malware with some unrelated party's cert?

When any valid signature will do, the effective security provided by the
code signing scheme decreases exponentially with the total number of
signing certificates issued. MSIE displays the name to the user when
prompting to run ActiveX controls. The user is expected to be able to
determine if the name on the control is correct and refuse to run it if not.

Even if the correct party is required to have signed the code, the bad
guy can commonly redistribute an older (properly signed) version with a
security hole which he then exploits. Thus revocation is even more
critical than with identity certificates.

Code signing. Occasionally useful.
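
The three cases raised in the message above (signature stripped, signed by an unrelated party, older signed release), as an added example that is not part of the original post: a small load-policy check run against a permissive and a strict policy. The package name, signer names, keys and the evaluate() policy parameters are constructed for illustration, and HMAC-SHA256 stands in for a real public-key signature.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed keys; HMAC-SHA256 stands in for a real public-key signature.
KEYS = {"Example Vendor": b"vendor-secret", "Unrelated Corp": b"other-secret"}

@dataclass
class Package:
    name: str
    version: str
    payload: bytes
    signer: Optional[str] = None
    signature: Optional[bytes] = None

def _mac(pkg, key):
    # The signature covers name and version as well as the payload.
    msg = f"{pkg.name}|{pkg.version}|".encode() + pkg.payload
    return hmac.new(key, msg, hashlib.sha256).digest()

def sign(pkg, signer):
    pkg.signer, pkg.signature = signer, _mac(pkg, KEYS[signer])
    return pkg

def evaluate(pkg, require_signature=False, expected_signer=None, revoked=()):
    if pkg.signature is None:
        return "reject: unsigned" if require_signature else "run: unsigned"
    key = KEYS.get(pkg.signer)
    if key is None or not hmac.compare_digest(_mac(pkg, key), pkg.signature):
        return "reject: bad signature"
    if expected_signer and pkg.signer != expected_signer:  # None: any signer will do
        return "reject: unexpected signer"
    if (pkg.name, pkg.version) in revoked:  # releases pulled after a fix
        return "reject: revoked release"
    return f"run: signed by {pkg.signer}"

WEAK = {}  # unsigned allowed, any valid signer, no revocation data
STRICT = {"require_signature": True, "expected_signer": "Example Vendor",
          "revoked": {("viewer", "1.0")}}
CASES = {  # constructed packages, one per question in the post
    "stripped": Package("viewer", "2.0", b"altered build"),
    "other_signer": sign(Package("viewer", "2.0", b"altered build"), "Unrelated Corp"),
    "old_release": sign(Package("viewer", "1.0", b"build with hole"), "Example Vendor"),
    "current": sign(Package("viewer", "2.0", b"fixed build"), "Example Vendor"),
}

def run_cases(policy):
    return {name: evaluate(pkg, **policy) for name, pkg in CASES.items()}
```

run_cases(WEAK) lets all four packages run; run_cases(STRICT) runs only the current vendor-signed release.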