Certificate-stealing Trojan
Marsh Ray
marsh at extendedsubset.com
Mon Sep 27 23:16:18 EDT 2010
On 09/27/2010 08:26 PM, Rose, Greg wrote:
>
> On 2010 Sep 24, at 12:47 , Steven Bellovin wrote:
>
>> Per
>> http://news.softpedia.com/news/New-Trojan-Steals-Digital-Certificates-157442.shtml
>> there's a new Trojan out there that looks for a steals Cert_*.p12
>> files -- certificates with private keys. Since the private keys
>> are password-protected, it thoughtfully installs a keystroke logger
>> as well....
>
> Ah, the irony of a trojan stealing something that, because of lack of
> PKI, is essentially useless anyway...
While I agree with the sentiment on PKI, we should accept this evidence
for what it is:
There exists at least one malware author who, as of recently, did not
have a trusted root CA key.
Additionally, the Stuxnet trojan is using driver-signing certs pilfered
from the legitimate parties the old-fashioned way. This suggests that
even professional teams with probable state backing either lack that
card or are saving it to play in the next round.
Is it possible that the current PKI isn't always the weakest link in the
chain? Is it too valuable of a cake to ever eat? Or does it just leave
too many footprints behind?
- Marsh
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list