Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Wednesday, June 26, 2013

Attackers sign malware using crypto certificate stolen from Opera Software

Hackers penetrated network servers belonging to Opera Software, stole at least one digital certificate, and then used it to distribute malware that incorrectly appeared to be published by the browser maker. “The attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware,” Wednesday’s advisory stated. It is possible that a few thousand Windows users, who were using Opera between June 19 from 1.00 and 1.36 UTC, may automatically have received and installed the malicious software.”


Hackers penetrated network servers belonging to Opera Software, stole at least one digital certificate, and then used it to distribute malware that incorrectly appeared to be published by the browser maker. “The attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware,” Wednesday’s advisory stated. It is possible that a few thousand Windows users, who were using Opera between June 19 from 1.00 and 1.36 UTC, may automatically have received and installed the malicious software.”


Missing details include when the attackers first gained access to the servers, precisely when the stolen digital certificate expired, and whether there’s reason to believe other certificates may also have been obtained. It would also be useful to know how hackers got access to an official Opera digital certificate, which is supposed to cryptographically prove that the software that bears its seal could only have come from the company.


The Opera post urged users to “update to the latest version of Opera as soon as it is available, keep computer software up to date, and to use a reputable antivirus product on their computer.”


At some point soon, though, officials should provide a more thorough account of what happened, who was affected, and what steps have been taken to prevent similar attacks from succeeding in the future.


Link: http://arstechnica.com/security/2013/06/attackers-sign-malware-using-crypto-certificate-stolen-from-opera-software/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+All+content%29

 

Posted on 06/26
MalwareWarningsPermalink