BreachExchange mailing list archives
Opera says hackers pilfered expired code-signing certificate
From: Erica Absetz <erica () riskbasedsecurity com>
Date: Thu, 27 Jun 2013 10:05:44 -0500
https://www.networkworld.com/news/2013/062713-opera-says-hackers-pilfered-expired-271332.html IDG News Service - Opera Software said Wednesday hackers pilfered from its internal systems at least one code-signing certificate that was used to sign malicious software. The Oslo-based company, which makes a mobile and desktop web browser, wrote in ablog post that it believes a few thousand Windows users may have automatically installed malicious software between 01.00 and 01.36 UTC on June 19, the day the attack was detected and halted. Code-signing certificates are used to cryptographically verify that a piece of software comes from its purported publisher. By using the certificate, it would have appeared to users that the malware was legitimate software from Opera, such as the company's browser. In its post, Opera included a link to VirusTotal, a website that tests malware samples against security programs to see if the malware is detected. The VirusTotal page shows the SHA256 hash of what is presumably the malware that used the expired code-signing certificate. At the time of writing, just over half of the 47 security programs listed on VirusTotal that tested the sample detected it. The figure will likely rise as vendors tweak their programs to detect it. SigbjA,rn Vik, an Opera developer and quality assurance engineer, wrote that the certificate was expired, but did not reveal further details. The company said it has since cleaned its systems and that it does not believe user data was lost. "We are working with the relevant authorities to investigate its source and any potential further extent," Vik wrote. Opera is planning to release a new version of its browser with a new code-signing certificate, but did not say when it will be available. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss-discuss Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Opera says hackers pilfered expired code-signing certificate Erica Absetz (Jun 27)