Trojan uses fake Adobe certificate to evade detection


A backdoor trojan that targets Windows users is employing a fake Adobe certificate to remain undetected, researchers have found.

The malicious file carries an Adobe icon, but is suspiciously named “Word13.exe,” said Hiroshi Shinotsuka, a Symantec researcher who blogged about the malware on Friday.

Once on a victim's machine, the trojan injects itself into Internet Explorer or Notepad. The malware is capable of stealing data and creating, downloading, moving or deleting files. It also can capture screenshots from the compromised computer and steal information from Skype users.

Aside from using the Adobe icon to trick users into trusting the file's legitimacy, the malware authors also have used a fake digital signature and entered other bogus certificate information (see screen shot), Shinotsuka said.

“It's fake, as the ‘Issued By’ field says ‘Adobe Systems Incorporated,’” he wrote. “Adobe is a VeriSign customer. Also, in the certificate information, we see that the [certificate authority] root certificate is not trusted – another dead giveaway.”

Because VeriSign does the code signing for Adobe products, a legitimate certificate would be issued by the Reston, Va.-based security company, Shinotsuka explained, not by Adobe itself.
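The two giveaways above, an issuer that is the vendor itself and a root that is not trusted, can be checked from a Windows host without opening the certificate dialog. The script below is an added example (not code from Symantec or from the article); it assumes PowerShell 5.1 or later and takes a hypothetical file path as its only parameter.

```powershell
# Added example: triage an executable's Authenticode signature the way the
# article describes, checking chain trust and who issued the signer certificate.
# Assumes Windows PowerShell 5.1+; $Path is a hypothetical sample location.
param(
    [Parameter(Mandatory = $true)]
    [string]$Path
)

$sig = Get-AuthenticodeSignature -FilePath $Path

if ($sig.Status -eq 'NotSigned') {
    Write-Output "NOT SIGNED: $Path"
    return
}

$cert = $sig.SignerCertificate

# Build the chain ourselves so the concrete failure reason (e.g. UntrustedRoot)
# is visible, rather than relying on the summary Status alone.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # keep the check offline
$chainOk     = $chain.Build($cert)
$chainErrors = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

# "Issued To" and "Issued By" as the Windows certificate dialog shows them.
$subjectName = $cert.GetNameInfo('SimpleName', $false)
$issuerName  = $cert.GetNameInfo('SimpleName', $true)

# Heuristic from the article: a vendor's code-signing certificate is issued by
# a public CA (VeriSign for Adobe), not by the vendor itself.
$selfIssued = ($subjectName -eq $issuerName)

[pscustomobject]@{
    Path         = $Path
    Status       = $sig.Status            # Valid, NotTrusted, HashMismatch, ...
    IssuedTo     = $subjectName
    IssuedBy     = $issuerName
    ChainTrusted = $chainOk
    ChainErrors  = $chainErrors           # empty when the chain builds cleanly
    SelfIssued   = $selfIssued
    Suspicious   = (-not $chainOk) -or $selfIssued -or ($sig.Status -ne 'Valid')
}
```

A file signed the way the article describes shows `Status` of `NotTrusted`, `UntrustedRoot` in `ChainErrors`, and `SelfIssued` set to true; a genuinely signed Adobe binary shows a VeriSign CA under `IssuedBy` and `Suspicious` false.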

In a Monday interview, Satnam Narang, security response manager at Symantec, told SCMagazine.com that the trojan has not yet been assigned a name, and that it could have been delivered through phishing emails containing weaponized attachments or via drive-by download.

Narang added that infection levels are currently low, as this threat surfaced on researchers' radars as recently as the past couple of weeks.

“We don't necessarily have a specific number [of infections],” Narang said. “This is something we discovered in the wild. We don't have specific details on how many people, but it is pretty low at this point.”
