Trojan Uses Fake Adobe Certificate

Thursday, June 20, 2013 @ 01:06 AM gHale

It’s not uncommon for cybercriminals to sign their malware with digital certificates, because the technique increases the chances of evading detection by antivirus solutions.

One piece of malware detected by Symantec researchers, a Backdoor.Trojan, is disguised as a file called “Word13.exe.”


The file has an Adobe Reader icon and it appears to have a certificate issued by Adobe Systems Incorporated.

However, as researchers said, the certificate is clearly fake, since Adobe is a VeriSign customer. In addition, the CA root certificate is not trusted, which is another sign of a scam.
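The two checks described above (an issuer that does not match the publisher's known CA, and a root that is not trusted) can be scripted for triage. This PowerShell function is an added example, not code from Symantec or the article; the function name `Test-PublisherSignature`, its parameters and the sample path are hypothetical, and the expected issuer string is something the analyst supplies.

```powershell
# Added example: flag files whose signature claims a known publisher but whose
# issuer or root does not match what that publisher actually uses.
# Assumption: the caller knows which CA the publisher's code-signing certificate chains to.
function Test-PublisherSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher,
        [Parameter(Mandatory)] [string] $ExpectedIssuer
    )

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate
    if ($null -eq $cert) {
        return [pscustomobject]@{ Path = $Path; Verdict = 'Unsigned'; Status = $sig.Status }
    }

    # Build the chain against the local trust stores and collect the failure flags.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    [void]$chain.Build($cert)
    $flags = @($chain.ChainStatus | ForEach-Object { $_.Status })
    $rootUntrusted = ($flags -contains 'UntrustedRoot') -or ($flags -contains 'PartialChain')

    $claimsPublisher = $cert.Subject -like "*$ExpectedPublisher*"
    $issuerMatches   = $cert.Issuer  -like "*$ExpectedIssuer*"

    $verdict = if ($sig.Status -eq 'Valid' -and $issuerMatches -and -not $rootUntrusted) {
        'Trusted'
    } elseif ($claimsPublisher -and (-not $issuerMatches -or $rootUntrusted)) {
        'SuspectedFakePublisher'   # name says the publisher, chain says otherwise
    } else {
        'Untrusted'
    }

    [pscustomobject]@{
        Path          = $Path
        Verdict       = $verdict
        Status        = $sig.Status
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        RootUntrusted = $rootUntrusted
        ChainFlags    = $flags -join ','
    }
}

# Usage (placeholder path):
# Test-PublisherSignature -Path .\sample.exe -ExpectedPublisher 'Adobe Systems Incorporated' -ExpectedIssuer 'VeriSign'
```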

Once executed, the malware injects itself into iexplore.exe and notepad.exe and opens a backdoor to allow its master to take over the infected device.

The Trojan is capable of stealing information, creating folders, capturing screenshots, emulating mouse functions, stealing Skype information, and creating, downloading, deleting, moving, and executing files.

One Response to “Trojan Uses Fake Adobe Certificate”

  1. […] Trojan Uses Fake Adobe Certificate – One new piece of malware that has been discovered is pretending to have a certificate from Adobe Systems to trick users. The software injects itself into IE and notepad and allows the handler to take control of the infected machine. This use of fake certificates may be a sign of things to come, because it can lull users into a false sense of security. Via ISS Source, more here. […]
