Hackers Breached Adobe Server in Order to Sign Their Malware

[InfoSec News <alerts () infosecnews org>]

http://www.wired.com/threatlevel/2012/09/adobe-digital-cert-hacked/

By Kim Zetter
Threat Level
Wired.com
09.27.12

The ongoing security saga involving digital certificates got a new and 
disturbing wrinkle on Thursday when software giant Adobe announced that 
attackers breached its code-signing system and used it to sign their 
malware with a valid digital certificate from Adobe.

Adobe said the attackers signed at least two malicious utility programs 
with the valid Adobe certificate. The company traced the problem to a 
compromised build server that had the ability to get code approved from 
the company’s code-signing system.

Adobe said it was revoking the certificate and planned to issue new 
certificates for legitimate Adobe products that were also signed with 
the same certificate, wrote Brad Arkin, senior director of product 
security and privacy for Adobe, in a blog post.

“This only affects the Adobe software signed with the impacted 
certificate that runs on the Windows platform and three Adobe AIR 
applications that run on both Windows and Macintosh,” Arkin wrote. “The 
revocation does not impact any other Adobe software for Macintosh or 
other platforms.”

[...]

--
Certified Ethical Hacker and CISSP with ExpandingSecurity.com gives the best
training and support. Last 2012 CISSP and CEH starts Oct. 1! Take action now
and be done before 2012 ends. Best program, best price.
CISSP info signup
http://www.expandingsecurity.com/product/cissp-live-online-10-week-course/
CEH info signup
http://www.expandingsecurity.com/product/ceh-certified-ethical-hacker-online/
Our Live Online classes will not wreck your schedule.