List:       isn
Subject:    [ISN] Attackers sign malware using crypto certificate stolen from Opera Software
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2013-06-28 8:26:49
Message-ID: alpine.DEB.2.02.1306280826370.23923 () infosecnews ! org

http://arstechnica.com/security/2013/06/attackers-sign-malware-using-crypto-certificate-stolen-from-opera-software/

By Dan Goodin
Ars Technica
June 26 2013

Hackers penetrated network servers belonging to Opera Software, stole at 
least one digital certificate, and then used it to distribute malware that 
incorrectly appeared to be published by the browser maker.

The attack was uncovered, halted, and contained on June 19, according to a 
short advisory that Opera published Wednesday morning. While 
administrators have cleaned the system and have yet to find any evidence 
of any user data being compromised, the breach still had some troubling 
consequences.

"The attackers were able to obtain at least one old and expired Opera code 
signing certificate, which they have used to sign some malware," 
Wednesday's advisory stated. "This has allowed them to distribute 
malicious software which incorrectly appears to have been published by 
Opera Software or appears to be the Opera browser. It is possible that a 
few thousand Windows users, who were using Opera between June 19 from 1.00 
and 1.36 UTC, may automatically have received and installed the malicious 
software."

Opera's advisory leaves out key information that makes it hard to assess 
just how much damage was done. Missing details include when the attackers 
first gained access to the servers, precisely when the stolen digital 
certificate expired, and whether there's reason to believe other 
certificates may also have been obtained. It would also be useful to know 
how hackers got access to an official Opera digital certificate, which is 
supposed to cryptographically prove that the software that bears its seal 
could only have come from the company. As Ars reported last year, 
companies such as Symantec go to great lengths to secure such keys, 
although Opera is hardly alone in losing control of such a valuable 
certificate.

[...]



--
Visit the new and improved InfoSec News website
http://www.infosecnews.org/