List of digital certificates used by malware

#9693 by frank_boldewin
Mon Nov 14, 2011 7:37 am

found this useful and maybe someone else.

http://www.ccssforum.org/malware-certif ... php?&pag=1

Username

frank_boldewin

Posts

116

Joined

Thu Apr 22, 2010 8:59 am

Location

germany

Contact

Re: List of digital certificates used by malware

#9721 by EP_X0FF
Thu Nov 17, 2011 4:13 am

Not really useful. They have are DB entries related to viruses which are modified signed binaries making their certificate invalid and entries with out-dated or invalid certificates (for example ripped from other program and joined with malware). How many such junk in DB is unknown.

Example.

ZXCA Lab. Geotrust ‎10 a7 db 11/27/2008
to
12/11/2009 08/11/2011

http://www.virustotal.com/file-scan/rep ... 1313000834

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: List of digital certificates used by malware

#9728 by frank_boldewin
Thu Nov 17, 2011 1:27 pm

EP_X0FF wrote:Not really useful. They have are DB entries related to viruses which are modified signed binaries making their certificate invalid and entries with out-dated or invalid certificates (for example ripped from other program and joined with malware). How many such junk in DB is unknown.

Example.

ZXCA Lab. Geotrust ‎10 a7 db 11/27/2008
to
12/11/2009 08/11/2011
http://www.virustotal.com/file-scan/rep ... 1313000834

thanx for the hint. haven't checked that in detail. and you are right, it's nearly useless if certs listed in db are not valid, like with stuxnet or duqu.

Username

frank_boldewin

Posts

116

Joined

Thu Apr 22, 2010 8:59 am

Location

germany

Contact