F-Secure Tracks Fake Security Certificates to Government Agency in Malaysia

Researchers at F-Secure have recently discovered an uncommon piece of malware that carries an authorised code-signing certificate belonging to a government institute in Malaysia.

According to a statement by Mikko Hypponen, chief research officer at F-Secure, a code-signing certificate with a digital signature confirms the authenticity and trustworthiness of an application to be executed on a PC.

At the same time, malware often presents counterfeit digital certificates to dupe Internet users, while authentic certificates associated with malicious software have been found to be rare, Hypponen confirmed, as reported by SPAMfighter news.

In fact, "Aanjungnet.mardi.gov.my", from the Agricultural Research and Development Institute of Malaysia, put its signature on those fake certificates.

F-Secure contacted the institute and determined that hackers exploited an online Windows computer that was the source of the certificates. The institute is still unclear as to how long the computer was under hacker control.

Hypponen also named the Trojan behind the attack. According to F-Secure, it was Agent.DTIW, which was disseminated via malicious PDF files that exploited vulnerabilities in Adobe Reader 8.

It should be noted that such incidents involving fake certificates in Malaysia are not new; there have been previous incidents of the same nature.