BreachExchange mailing list archives

Opera says hackers pilfered expired code-signing certificate


From: Erica Absetz <erica () riskbasedsecurity com>
Date: Thu, 27 Jun 2013 10:05:44 -0500

https://www.networkworld.com/news/2013/062713-opera-says-hackers-pilfered-expired-271332.html

IDG News Service - Opera Software said Wednesday hackers pilfered from
its internal systems at least one code-signing certificate that was
used to sign malicious software.

The Oslo-based company, which makes a mobile and desktop web browser,
wrote in a blog post that it believes a few thousand Windows users may
have automatically installed malicious software between 01.00 and
01.36 UTC on June 19, the day the attack was detected and halted.

Code-signing certificates are used to cryptographically verify that a
piece of software comes from its purported publisher. By using the
certificate, it would have appeared to users that the malware was
legitimate software from Opera, such as the company's browser.

In its post, Opera included a link to VirusTotal, a website that tests
malware samples against security programs to see if the malware is
detected. The VirusTotal page shows the SHA256 hash of what is
presumably the malware that used the expired code-signing certificate.

At the time of writing, just over half of the 47 security programs
listed on VirusTotal that tested the sample detected it. The figure
will likely rise as vendors tweak their programs to detect it.

Sigbjørn Vik, an Opera developer and quality assurance engineer,
wrote that the certificate was expired, but did not reveal further
details. The company said it has since cleaned its systems and that it
does not believe user data was lost.

"We are working with the relevant authorities to investigate its
source and any potential further extent," Vik wrote.

Opera is planning to release a new version of its browser with a new
code-signing certificate, but did not say when it will be available.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss-discuss
