
Kaspersky Lab spots malware signed with stolen digital certificate

Security firm Kaspersky Lab Thursday said it's identified a malicious program that appears to make use of a compromised Symantec VeriSign digital certificate issued to Conpavi AG, which is known to work with Swiss government agencies. Kaspersky says it has asked Symantec VeriSign to revoke the compromised certificates.

Kaspersky says the malicious program contains what's being called Trojan-Dropper.Win32.Mediyes. A dropper is a type of malware that attackers commonly use to seed targeted computers so that they can easily drop other malware onto them in the future for a wide variety of purposes.


Kaspersky Lab researcher Vyacheslav Zakorzhevsky wrote today in a blog that the malicious DLL Trojan.Win32.Mediyes was detected on the computers of about 5,000 users, mainly in Western Europe, including Germany, Switzerland, Sweden, France and Italy.

The Mediyes malware was seen between December 2011 and March 7, 2012, and in all cases it was signed with a certificate issued to the Swiss company Conpavi, according to the Kaspersky Lab researcher.

One main purpose of Trojan.Win32.Mediyes is to help facilitate the interception of web browser requests sent to the Google, Yahoo! and Bing search engines, as the search queries are "used by the criminals to earn money as part of the Search 123 partner program that works on a pay-per-click basis," writes Zakorzhevsky. The attackers seem to be working with a server in Germany.

"The malware is clearly aimed at users in Europe," Zakorzhevsky writes. "This is backed up by other evidence - the certificate from a Swiss company, the server in Germany, and only the requests made on major international search engines being intercepted."

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.
