New Stuxnet-Related Malware Signed Using Certificate from JMicron

[Peaches]

New Stuxnet-Related Malware Signed Using Certificate from JMicron

Points to a highly sophisticated industrial espionage operation

Security researchers from ESET have found a new piece of digitally signed malware related to the recently discovered Stuxnet worm. The new threat was created last week and abuses a certificated from a different integrated circuits (IC) manufacturer called JMicron Technology Corporation.

The hottest topic in the antivirus community right now is a new highly advanced worm called Stuxnet. The malware was discovered back in June by security researchers from Belarusian antivirus vendor VirusBlokAda, but only came to the attention of the general public last week.

There are several aspects about Stuxnet that have intrigued security researchers and malware analysts. First, it propagates by exploiting a previously unknown Windows vulnerability. Secondly, its components, including two drivers with rootkit behavior, are digitally signed, something very unusual for malware.

However, even more intriguing is that the malware is signed with a certificate belonging to Realtek Semiconductor Corp., a large manufacturer of networking, peripheral and multimedia computer chipsets. Finally, the Stuxnet malware seems to serve industrial espionage efforts, a hypothesis suggested by the fact that it steals information from databases used by Siemens SIMATIC WinCC Supervisory Control And Data Acquisition (SCADA) systems.

More details on this topic - http://news.softpedia.com/news/New-Stuxnet-Related-Malware-Signed-Using-Certificate-from-JMicron-148213.shtml