funsec mailing list archives
RE: Sunbelt: Gromozon Malware Digitally Signed by Thawte
From: "Larry Seltzer" <Larry () larryseltzer com>
Date: Fri, 14 Sep 2007 16:06:49 -0400
I think it only affects install time. Currently-installed copies will continue to run. Based on what was said in the Atsiv incident, I think there is an internal CRL in Windows to which Microsoft could add the program, and that would be checked at load time. They don't do this casually as it requires a Windows Update distribution. Microsoft could also add a Windows Defender signature for it, as they did with Atsiv.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.eweek.com/cheap_hack/
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Valdis.Kletnieks () vt edu
Sent: Friday, September 14, 2007 11:50 AM
To: Alex Eckelberry
Cc: funsec () linuxbox org
Subject: Re: [funsec] Sunbelt: Gromozon Malware Digitally Signed by Thawte

On Wed, 12 Sep 2007 20:01:22 EDT, Alex Eckelberry said:
> Fyi, Verisign just notified me that the cert has been revoked.

And does anything that looks at that certificate actually *USE* the CRL to verify it's un-revokedness before continuing? :)

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.