Are Digital Certificates Proof Of A Safe Website? Think Again

Researchers at a cybersecurity firm have uncovered a new family of malware they call Spymel. The infected files are attached to sophisticated phishing emails, and once downloaded, begin logging keystrokes and other user activity. This particular malware avoids detection by utilizing stolen digital certificates that most systems recognize as legitimate.

Not only will the malware log activity and send it to the attacker, but it will also disable the tools designed to stop the file from executing.

Interestingly, within just a few days of the compromised certificate being revoked, researchers detected a variant of the malware using another certificate issued to the same company. Jeremy Seth Davis, "Malware using legit certs to avoid detection, surveil users," www.scmagazine.com (Jan. 11, 2016).

Commentary

A digital certificate is essentially your document of identification on the Internet allowing the secure transfer of information. A certificate is regarded as a sign of security because it is issued by an official agency and contains private information about the business as well as the key to its encryption.

When a user wants to access a website, the user’s browser software looks at the site’s certificate to make sure the website is authentic. The browser also checks certificate authenticity when the user wants to download software or updates onto the user’s system. If the website’s certificate cannot be identified or has expired, the system stops the process and warns the user about the issue.

Your Internet browser software contains a list of trusted certificates, and the process of verifying certificates typically goes unnoticed in the background. Cybercriminals looking to spread malware can attach to a phishing email an infected file that is “signed” with a stolen digital certificate, or try to disguise the file as a necessary software update. When the user downloads the file, the computer identifies the certificate as secure, and the malware is installed.

Knowledgeable IT staff can stay informed about known breaches of certificate authorities and manually revoke the trust given to them in their systems' browsers. Because the general user usually does not have the time or expertise to do the same, keeping browser software and system patches up to date is the best way to stay protected. In addition, always question any unusual file attachments or system update requests.
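The checks described in this commentary, written as a policy function in Python. This is an added example, not code from the original article or from the researchers it cites; the certificate fields, organisation names, serial numbers and dates are constructed, and the "review" rule for other certificates issued to the same organisation is an assumed policy based on the variant described above.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class SignerCert:
    subject_org: str      # organisation the certificate was issued to
    serial: str           # certificate serial number
    issuer_trusted: bool  # chains to an entry in the local trust list
    not_after: datetime   # expiry date


def assess(cert, revoked_serials, orgs_with_revocations, now):
    """Return (verdict, reason) for the certificate that signed a file."""
    if not cert.issuer_trusted:
        return "block", "issuer is not in the trust list"
    if now > cert.not_after:
        return "block", "certificate has expired"
    if cert.serial in revoked_serials:
        return "block", "certificate has been revoked"
    if cert.subject_org in orgs_with_revocations:
        # Assumed policy: a different certificate from an organisation whose
        # earlier certificate was revoked goes to a human before it is trusted.
        return "review", "organisation already had a certificate revoked"
    # A valid signature identifies the signer; it does not show the file is safe.
    return "signature-ok", "valid signature, contents still unverified"


# Constructed sample data (names, serials and dates are made up).
NOW = datetime(2016, 1, 15, tzinfo=timezone.utc)
EXPIRY = datetime(2017, 1, 1, tzinfo=timezone.utc)
STOLEN = SignerCert("Example Software Ltd", "0A01", True, EXPIRY)
VARIANT = SignerCert("Example Software Ltd", "0A02", True, EXPIRY)
UNRELATED = SignerCert("Other Vendor Inc", "0B01", True, EXPIRY)
LAPSED = SignerCert("Other Vendor Inc", "0B00", True,
                    datetime(2015, 6, 1, tzinfo=timezone.utc))

REVOKED_SERIALS = {"0A01"}
ORGS_WITH_REVOCATIONS = {"Example Software Ltd"}

if __name__ == "__main__":
    # Before revocation is known, the stolen certificate passes every check.
    print("stolen, pre-revocation:", assess(STOLEN, set(), set(), NOW))
    for name, cert in [("stolen", STOLEN), ("variant", VARIANT),
                       ("unrelated", UNRELATED), ("lapsed", LAPSED)]:
        print(name, assess(cert, REVOKED_SERIALS, ORGS_WITH_REVOCATIONS, NOW))
```

The first call shows why a recognized certificate is not proof of safety: until the revocation is known locally, the stolen certificate is indistinguishable from a legitimate one.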
