Hacked: Malware got digitally signed as trusted

Hackers accessed Bit9’s code-signing certificates, enabling intruders to digitally sign malware to appear as legitimate files, the vendor announced Friday. Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms, has suffered an electronic compromise that cuts to the core of its business: helping clients distinguish known “safe” files from computer viruses and other malicious software.

Massachusetts-based Bit9 is a leading provider of “application whitelisting” services, a security technology that turns the traditional approach to fighting malware on its head. Antivirus software, for example, seeks to identify and quarantine files that are known bad or strongly suspected of being malicious. In contrast, Bit9 specializes in helping companies develop custom lists of software that they want to allow employees to run, and to treat all other applications as potentially unknown and dangerous.

But earlier today, Bit9 told a source for KrebsOnSecurity that their corporate networks had been breached by a cyberattack. Ironically, the breached Bit9 system was not protected with the company’s own software. This attack bears similarities to the 2011 attack on RSA, in which attackers stole information that was likely used to conduct attacks on other organizations. According to the source, Bit9 said that some customers had discovered malware inside of their own Bit9-protected networks, malware that was digitally signed by Bit9′s own encryption keys. According to a blog post Friday from Bit9 CEO Patrick Morley, miscreants were able to turn Bit9’s secret sauce against them by getting a hold of the vendor’s digital signatures and then delivering malware to a handful of customers that appeared to be on their trusted list of software.

It’s unclear how the intruders initially gained access to Bit9 systems.

“We simply did not follow the best practices we recommend to our customers by making certain our product was on all physical and virtual machines within Bit9,” Morley wrote.


8 thoughts on “Hacked: Malware got digitally signed as trusted

  1. This is a message to the admin. Your website is missing out on at least 300 visitors per day. I have found a company which offers to dramatically increase your traffic to your website: http://bag.sh/16M They offer 1,000 free visitors during their free trial period and I managed to get over 30,000 visitors per month using their services, you could also get lot more targeted visitors than you have now. Hope this helps 🙂 Take care.

  2. You actually make it appear really easy with your

    presentation however I find this matter to be actually something

    that I think I’d by no means understand. It seems too complicated and extremely broad for me. I’m

    having a look forward to your next submit, I will attempt to get the hold of

  3. Hello there, I found your site via Google while searching for a related topic,

    your site came up, it looks good. I’ve bookmarked it in my google bookmarks.

  4. I am extremely inspired with your writing talents and also
    with the layout on your

    blog. Is that this a paid theme or did you modify it

    your self? Anyway keep up the excellent high quality writing, it’s

    rare to see a nice blog like this one today..

  5. Thank you for every other magnificent post. The place else could anyone get that kind of info in such a perfect means of writing? I’ve a presentation next week, and I am on the look for such information.

Comments are closed.