Wednesday, December 10, 2014
Breaking News
Home / Malware / Adobe servers hacked – used to Sign malware

Adobe servers hacked – used to Sign malware

Thursday software vendor Adobe declared that attackers breached its code-signing system and applied it to sign their malware with a validated digital certificate from Adobe.

Adobe alleged it was lifting the certificate and planned to issue fresh certificates for legitimate Adobe products that were also signed with the same certificate, wrote Brad Arkin, senior director of product security and privacy for Adobe, in a blog post.

Adobe did not say when the breach took place, but noted that it was re-issuing certificates for code that was signed with the compromised signing key after July 10, 2012.

In addition, a security advisory the company released with its announcement showed that the two malicious programs were signed on July 26 of this year.

Adobe spokeswoman Liebke Lips assured Wired that the company first got word of the issue when it received samples of the two malicious programs from an unidentified party on the evening of Sept. 12.

The company then instantly began the process of deactivating and revoking the certificate.

About FastFlux

Owner of ZeroSecurity, intrested in programming, malware analysis and penetration testing. If you are interested in joining the ZeroSecurity team please use the contact forum located above to contact us.

Discuss

Loading Disqus Comments ...
Loading Facebook Comments ...