HP to remove digital signature that code-signed malware

HP will take a digital certificate out of commission as of Oct. 21 after Symantec discovered it had been used to cryptographically sign (code-sign) malware in May 2010, according to a report by Brian Krebs.

The certificate was used to code-sign software shipped with HP products back then. Meant to instill confidence in the security of a component, code-signing certificates are coveted by attackers, who use them to make malware appear to be legitimate software. Symantec found what appeared to be an HP signature on a four-year-old trojan that may have been included in software and then eventually signed by one of HP's digital certificates.

The company began alerting clients that it would be revoking the certificate later this month.
