A new variant of the Lethic botnet agent comes signed with a digital certificate from the same firm whose identity was abused by the infamous Stuxnet industrial control system worm. Lethic is a spam-spewing botnet that ranks relatively low in terms of compromised machines but bears a disproportionately high responsibility for …
so they used a fake certificate that wouldn't verify... why bother at all then? a self-signed certificate with a name of "Microsoft Security Department" or something would have been just as effective surely? or indeed just have it generate a new certificate for each infection - i'm sure that would be more annoying to AV companies
No - I think it was a stolen cert, inside job or hack at Realtek to get the private key then ?
- 'Windows 9' LEAK: Microsoft's playing catchup with Linux
- Review A SCORCHIO fatboy SSD: Samsung SSD850 PRO 3D V-NAND
- Was Earth once covered in HELLFIRE? No – more like a wet Sunday night in Iceland
- Breaking Fad 4K-ing excellent TV is on its way ... in its own sweet time, natch
- Every billionaire needs a PANZER TANK, right? STOP THERE, Paul Allen