[cryptography] Microsoft Sub-CA used in malware signing

Marsh Ray marsh at extendedsubset.com
Tue Jun 12 12:05:27 EDT 2012


On 06/12/2012 10:58 AM, Thor Lancelot Simon wrote:
>
> One wonders what Microsoft knows about who requested all those licenses.
> Presumably there was some effort put into plausible deniability.

Considering that the Flame attackers are said to operate 80 
command-and-control servers at locations around the world, we can assume 
they have extensive experience with purchasing computing services 
anonymously.

My guess is that Microsoft learned nothing about the attackers via the 
license requests.

- Marsh



More information about the cryptography mailing list