In September, some brazilian blogs and forums alerter about a malware that got Comodo digital sign.
http://seumicroseguro.com/2012/09/08/malware-brasileiro-obtem-assinatura-digital-valida/
The malware seems to be delivered by email and steal bank passwords. It was discovered by Kaspersky Lab.
They say the software posed as a Hewlett-Packard software and got the sign that was valid for 15 days, according to the blog. Now the certificate is revoked.
Some other info come in November (and published some days ago) (http://seumicroseguro.com/2012/12/14/comodo-volta-a-avalizar-assinatura-digital-de-pragas-brasileiras/), saying that two other files got the certification:
c:\windows\SysWow64\GbPlugin-Módulo de Segurança.scr
c:\windows\SysWow64\GbPlugin-Módulo de Segurança.com
Both blogs ask more security measures that need to be taken by Comodo.
Any info or comment about this?