19 March 2012

Advertising trojan with Swiss signature

A trojan called Mediyes is currently circulating in Germany. As reported by Kaspersky, the unusual thing about this trojan is that it was signed with a valid private key that belongs to Swiss company Conpavi AG. Conpavi promotes itself as a consultancy firm for e-governance projects, for example for the city of Lucerne.
Kaspersky says that it has sighted several versions of the dropper that were signed by Conpavi between December 2011 and 7 March 2012. This suggests that the criminals had access to the company's private key over a prolonged period of time. The private key was issued by a VeriSign Certificate Authority that is considered trustworthy by most operating systems.
On an infected system, the malware hooks into the browser to invisibly intercept any search engine queries and forward them to the server of an advertising network. Kaspersky says that the server is located in Germany and responds by sending links from the Search123 partner program..........

Click here to read more ....

Solutions : www.xcyss.in

No comments:

Post a Comment