Hi.
You should watch it all, but I am interested in min ~3:35.
What happens if malware is digitally signed?
Will Comodo scan it and at least warn about it,
or just let it run according to the certificate database
that it has?
Thank you.
If it’s digitally signed and on the trusted vendor list it will run without question. If it’s signed and not on the trusted list you will receive a popup warning sign. The chances of this happening are without question almost nonexistent.
Edit: What I should have said is that I think there is very little chance that CIS could be infected with fake digitally signed malware. Not much of that floating around. There have been a few cases but very little in the criminal world. A digital signature is not an easy thing to come by.
OK… Then please test this file… It has bypassed COMODO protection/sandbox and it is allegedly adware/spyware.
It has a digital signature, apparently “valid”…
MALWARE link: (password: acds)
Download link to malware removed. Interested members can request the download link by PM. Eric
The mod can remove the link if it’s against the rules. But note that submitting the file on the website issues an error for me;
and I have warned the people beforehand that it’s malware.
So… seems like COMODO has some leaks.
Ignore the SecHijack (A) - That is what I have manually done (changed default Task Manager).
Note that, among other things, if I hadn’t changed my default Task Manager, now I couldn’t have
accessed it. The malware has blocked it, as shown above, but I use Process Hacker.
CAMAS link: http://camas.comodo.com/cgi-bin/submit?file=840377f6fc07be8f28329ac4d8fbe1afbbaa318b6b8412019dceb8d43bf79bac
VirusTotal:
Please submit this sample in Report trusted and whitelisted malware here - 2015 (NO LIVE MALWARE!) following the guidelines in the topic start.
I removed the download link. You can provide the download link to interested members by PM when asked. That way we protect the less experienced users.
There has been discussion to let AV detection take precedence over signature. I hope Comodo will listen to this.
I have left a message in the suggested thread.
Those interested can find the hashes/digital signature info/file info
in the CAMAS and VirusTotal links.
I have seen malware that increasingly uses digital signatures (perhaps stolen certificates).
So beware…
Probably the certificate should be revoked… ?
The certificate should be revoked. That is up to Symantec/Verisign once they have been informed.