New Malware Signed With Stolen Government Certificate

Trailrunner7 writes "Security researchers claim that malware spreading via malicious PDF files is signed with a valid certificate stolen from the Government of Malaysia, in just the latest evidence that scammers are using gaps in the security of digital certificates to help spread malicious code. The malware, identified by F-Secure as a Trojan horse program dubbed Agent.DTIW, was detected in a signed Adobe PDF file by the company's virus researchers recently. The malicious PDF was signed using a valid digital certificate for mardi.gov.my, the Agricultural Research and Development Institute of the Government of Malaysia. According to F-Secure, the Government of Malaysia confirmed that the certificate was legitimate and had been stolen 'quite some time ago.'"

quite some time ago?

[Moheeheeko]

We talking days? weeks? months? years? And why wasnt it immediately flagged as stolen?

Why isn't this certificate revoked?

[Anonymous Coward]

The article makes no mention of the signing certificate being revoked. Why hasn't the signing certificate been revoked?

Re:quite some time ago?

[TClevenger]

I'd love to see a "NoScript" equivalent for CAs. Let ME decide if I should approve a certificate signed by the Hong Kong Post Office. (Yes, they're in there.)