The H-Online: In response to the Flame worst-case scenario, Microsoft has now integrated a custom block list feature for its certificate store under Windows. The feature was deployed as part of this month’s Patch Tuesday. The Flame worm had spread via Windows Update feature by manipulating the certificates that were intended to protect Windows updates from tampering. ...
Avira TechBlog Wrote: Microsoft released Security Advisory 2718704 which revokes some certificated which apparently were used to sign the trojan Flame__. In a blog post, Microsoft explains how they discovered that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft. The certificates issued by the Terminal Services licensing certification authority, which are intended to only be used for license server verification, were also used to sign code and make it look like as if it was originated from Microsoft. ...
Avira TechBlog: Great news – our Avira Premium Security Suite received the next AV-Test.org certificate, this time for the first quarter of 2011! So far the suite thus achieved all available AV-Test.org certificates since the beginning of the certification process. The certificate approves the tested products a good quality in detection, repair and usability. ...
Avira TechBlog: The malware authors every now and then send us virus researchers some messages. For example in the compiled binary itself, or as debug output. Now we found a Zbot Trojan variant which tries to evade detection by carrying a digital certificate and therewith looking more legitimate. And this certificate is registered to “DetectMe! 🙂 ”, also adding random data behind the certificate. ...