Report Indicates Malware Rates with Legitimately Signed Certificates on a Steep Increase

Researchers from McAfee have indicated a steep increase in the amount of malware signed with legitimate certificates.

Malware has taken on many different faces over the past few years, and many of those faces are not easily recognized by detection agents and advanced security software. In recent months, security firms like McAfee have taken notice of a sharp rise in the amount of malware that carries legitimately signed certificates.

Any piece of software that has a legitimately signed certificate is considered to be a real application that is safe to use. For some time now, detection agents within security software have relied heavily on the digital certificate to determine from the get-go whether an app is malicious. Now that malicious apps are being signed with legitimate digital certificates, many of these horrific programs make their way past detection and end up conducting their malicious activities without any roadblocks.

Malware signed with legitimate certificates has seen an exponential increase since 2010, when about 1/3% of a sample set was found to be signed that way. According to McAfee, this rate doubled to 2.9% in 2011 and then rocketed to 6.6% in 2012. For this year (2013), the rate is slightly lower, but the total amount of certificate abuse continues to grow because the amount of new malware roughly doubles each year.

Delving into the legitimately signed digital certificates, they are not found to be malicious, just abused. This means the digital certificates were not stolen or forged; rather, the attacker more than likely went out and got a legitimate certificate from a company associated with a known Certificate Authority such as Comodo, Thawte or VeriSign.

There have been instances where upwards of hundreds of malware samples were signed with the same certificate, and none of them were for malicious use of the certificate.

Security firms are now circling around ways to identify abused certificates so they may block malware. The data collected by McAfee is only a small break in the proverbial iceberg that we all must skate past, or we could be dead in the water like the Titanic when attackers ramp up efforts to use legitimately signed certificates to spread malicious applications.

Signature-based scanning to clearly identify and further examine legitimately signed digital certificates is a definite necessity. Before things get out of hand, we must all find ways to decipher legitimate certificates within malicious software.
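
As an added illustration (not code from McAfee or from this report), the sketch below shows one way a defender could turn the observation that many samples share a signing certificate into a certificate reputation check instead of trusting any valid signature. The record layout, thumbprints, verdict labels and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed telemetry: (file id, signer thumbprint, signature valid?, verdict
# from analysis that ignores the signature). Thumbprints are placeholders.
SAMPLES = [
    ("f1", "AA11", True, "malicious"),
    ("f2", "AA11", True, "malicious"),
    ("f3", "AA11", True, "malicious"),
    ("f4", "BB22", True, "clean"),
    ("f5", "BB22", True, "clean"),
    ("f6", "BB22", True, "malicious"),   # one hit on an otherwise clean signer
    ("f7", "CC33", False, "malicious"),  # broken signature: not evidence about CC33
    ("f8", None, False, "clean"),        # unsigned file
]

def cert_reputation(samples):
    """Count malicious and total validly signed files per signer certificate."""
    stats = defaultdict(lambda: {"malicious": 0, "total": 0})
    for _file_id, thumbprint, valid, verdict in samples:
        if thumbprint is None or not valid:
            continue  # only a valid signature ties the file to the cert holder
        stats[thumbprint]["total"] += 1
        if verdict == "malicious":
            stats[thumbprint]["malicious"] += 1
    return dict(stats)

def abused_certs(stats, min_malicious=3, min_ratio=0.5):
    """Certificates that repeatedly sign malware (thresholds are assumptions)."""
    return {t for t, s in stats.items()
            if s["malicious"] >= min_malicious
            and s["malicious"] / s["total"] >= min_ratio}

def naive_verdict(valid):
    """The shortcut the article describes: a valid signature means trusted."""
    return "allow" if valid else "scan"

def reputation_verdict(thumbprint, valid, blocklist):
    """A valid signature identifies the signer; it does not prove safety."""
    if valid and thumbprint in blocklist:
        return "block"
    return "scan"  # everything else still gets content-based scanning

if __name__ == "__main__":
    blocklist = abused_certs(cert_reputation(SAMPLES))
    for file_id, thumbprint, valid, verdict in SAMPLES:
        print(file_id, verdict, naive_verdict(valid),
              reputation_verdict(thumbprint, valid, blocklist))
```

The single malicious hit on the otherwise clean signer stays below both thresholds, so that certificate is not blocklisted on one sample alone.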