Author Topic: Comodo Digital Sign on a Malware!  (Read 2778 times)

Offline yigido

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 5424
  • COMODO Rocks!
    • Free Comodo Products!
Comodo Digital Sign on a Malware!
« on: October 27, 2015, 02:12:04 PM »
Hello,

I just saw this : https://twitter.com/BelchSpeak/status/659075998688923649
The image is here : http://i.hizliresim.com/QWVq1k.png

It is not normal. Can you prevent this kind of problem, guys? What does it mean? I really know nothing about digital signing.

Thank you.
« Last Edit: October 27, 2015, 02:13:44 PM by yigido »
COMODO Cloud Antivirus
Firefox Quantum
Encrypt the web! Use HTTPS Everywhere..
Block spying ads and invisible trackers! Use Privacy Badger..

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 23805
Re: Comodo Digital Sign on a Malware!
« Reply #1 on: October 27, 2015, 07:16:30 PM »
I sent a pm to Comodo.

For those interested, this is the Virus Total report: https://www.virustotal.com/en/file/a98bb2f8daa4ced3acbd7aff27c1918d8135bf2e64442b225b178548b594363d/analysis/

Offline yigido

Re: Comodo Digital Sign on a Malware!
« Reply #2 on: October 28, 2015, 03:10:19 AM »
What a pity that is an upatre sample..

Offline EricJH

Re: Comodo Digital Sign on a Malware!
« Reply #3 on: October 28, 2015, 10:30:28 AM »
I got a reply from Rich_S stating it will get revoked back to the date of issuance, which will invalidate the signature.

Quote from: yigido
What a pity that is an upatre sample..

What does upatre mean? The Merriam-Webster dictionary does not know it.
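
Why backdating the revocation to the issuance date matters, as an added example that is not part of the original posts: a simplified model of timestamp-aware signature checking, in which a trusted timestamp earlier than the revocation date keeps a signature valid. All dates and the names `signature_status` and `compare_revocation_dates` are constructed for illustration and do not describe the real certificate.

```python
from datetime import datetime, timezone

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

def signature_status(cert, timestamp, now):
    """Simplified timestamp-aware check; returns (is_valid, reason).

    cert: dict with 'not_before', 'not_after', 'revoked_at' (None if not revoked).
    timestamp: trusted countersignature time, or None if the file has none.
    """
    revoked_at = cert["revoked_at"]
    if timestamp is None:
        # No trusted signing time: the certificate is judged as of `now`.
        if revoked_at is not None and revoked_at <= now:
            return False, "certificate revoked"
        if not cert["not_before"] <= now <= cert["not_after"]:
            return False, "certificate not valid now"
        return True, "certificate valid now"
    if not cert["not_before"] <= timestamp <= cert["not_after"]:
        return False, "timestamp outside certificate validity"
    if revoked_at is not None and timestamp >= revoked_at:
        return False, "signed on or after revocation date"
    return True, "signed before any revocation took effect"

# Constructed dates for illustration; not taken from the real certificate.
ISSUED, EXPIRES = utc(2015, 9, 1), utc(2016, 9, 1)
SIGNED_AT = utc(2015, 10, 20)      # sample signed and timestamped
REPORTED = utc(2015, 10, 27)       # day the sample is reported
NOW = utc(2015, 11, 1)             # day the signature is checked

def compare_revocation_dates():
    """Evaluate the same signature under two possible revocation dates."""
    results = {}
    for label, revoked_at in (("revoked_at_report", REPORTED),
                              ("revoked_at_issuance", ISSUED)):
        cert = {"not_before": ISSUED, "not_after": EXPIRES, "revoked_at": revoked_at}
        results[label] = signature_status(cert, SIGNED_AT, NOW)
        results[label + "_no_timestamp"] = signature_status(cert, None, NOW)
    return results

if __name__ == "__main__":
    for case, (ok, reason) in compare_revocation_dates().items():
        print(f"{case:35} valid={ok}  ({reason})")
```

In this model a revocation dated at the report leaves the earlier timestamped signature valid, while a revocation dated at issuance invalidates everything the certificate ever signed.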


Offline yigido

Re: Comodo Digital Sign on a Malware!
« Reply #4 on: October 28, 2015, 11:12:46 AM »
Quote from: EricJH
What does upatre mean? The Merriam-Webster dictionary does not know it.

It is a malware type.
You can check here : https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/UPATRE
and I am sad about it: Comodo now has no encyclopedia like this one.

Offline EricJH

Re: Comodo Digital Sign on a Malware!
« Reply #5 on: October 28, 2015, 07:26:44 PM »
It is not detected by Comodo. I submitted it and gave you the props.

Offline yigido

Re: Comodo Digital Sign on a Malware!
« Reply #6 on: October 29, 2015, 06:03:41 AM »
Quote from: EricJH
It is not detected by Comodo. I submitted it and gave you the props.

In fact, I did not check whether that digital signature is in the Comodo Trusted Vendor List. Can you please check it for me?
"Time Divers Ltd" = http://i.hizliresim.com/vR600A.jpg
If Comodo TVL trusts the file, then the detection will not work.
This is a small but serious hole in CIS security: "Trusted Malwares".

Comodo detected the file : https://www.virustotal.com/en/file/a98bb2f8daa4ced3acbd7aff27c1918d8135bf2e64442b225b178548b594363d/analysis/1446116909/ as TrojWare.Win32.Waski.CERT
« Last Edit: October 29, 2015, 06:09:46 AM by yigido »

Offline EricJH

Re: Comodo Digital Sign on a Malware!
« Reply #7 on: October 29, 2015, 12:55:54 PM »
Time Divers is not on the TVL.

Offline yigido

Re: Comodo Digital Sign on a Malware!
« Reply #8 on: November 22, 2015, 10:37:42 AM »
Hello EricJH,

Can you please report this Cryptolocker to Comodo employees?
Comodo is the signer of this malware  :-TD :-TD Check file details..
https://www.virustotal.com/tr/file/1d39890e586bd3af03bb31ed307af378fbc58cc61fddd9bbc4de4fb738bb4d93/analysis/



Please inform me about it.
« Last Edit: November 22, 2015, 10:39:48 AM by yigido »

Offline EricJH

Re: Comodo Digital Sign on a Malware!
« Reply #9 on: November 22, 2015, 11:28:12 AM »
I sent a pm.

Offline EricJH

Re: Comodo Digital Sign on a Malware!
« Reply #10 on: November 24, 2015, 10:32:46 AM »
I got a pm yesterday that Comodo is on it.

Offline yigido

Re: Comodo Digital Sign on a Malware!
« Reply #11 on: November 24, 2015, 01:23:58 PM »
Quote from: EricJH
I got a pm yesterday that Comodo is on it.

Thanks EricJH!

Offline EricJH

Re: Comodo Digital Sign on a Malware!
« Reply #12 on: November 24, 2015, 03:25:29 PM »
I connected with Rich_s about this and he asked that malware signed by a Comodo code signing certificate be submitted by email. I updated the topic start of "Report trusted and whitelisted malware here - 2015 (NO LIVE MALWARE!)":

When coming across malware signed by Comodo, please follow the steps described in "How to report fraudulent or malicious use of certificates issued by Comodo", because this is the fastest way to get it processed:
Quote
Code Signing Certificates

If you have come across malware signed with a Comodo issued Code Signing certificate please send as much detail as possible to:

signedmalwarealert[at]comodo.com

Helpful details include:
  • link to the signed malware
  • screenshots of the certificate details showing the signer organization or certificate serial number or other details which will help us identify the certificate
  • a copy of the actual certificate if possible

This article also describes how to report fraudulent and phishing emails using Comodo SSL/TLS certificates (but this is not pertinent for this topic).
Next time you can submit the malware samples to the mentioned email address for quick processing.

 
