NEWS FROM THE LAB - Monday, June 21, 2010

It's signed, therefore it's clean, right? Posted by Mikko @ 11:08 GMT

Jarno Niemelä from our lab did a study on malicious Windows binaries that have been signed (with Microsoft Authenticode).

Turns out, we have copies of tens of thousands of malware samples that have been signed.

Malware authors are attempting to use code signing techniques to their advantage.


Details of this surprising find are presented in Jarno's presentation file, which can be downloaded from here (PDF). It was first presented at the CARO 2010 Technical Workshop in May 2010.