Bank trojan distributors duped Comodo into selling digital certificate

Then signed supposed HP printer software to dupe users

The Brazilian offices of certificate authority (CA) Comodo accidentally sold a code-signing certificate to a banking trojan distributor, which applied for it using a similar name to a local anti-fraud software vendor.

To pull off the feat, the malware distributors registered the domain gastecnology.org, which was a slight variation on an established Brazilian security vendor Gastecnologia.

The phone number, area code and physical address in the domain registry were all fake, according to Kaspersky Lab researcher Fabio Assolini, but the domain registration itself appeared to be enough to convince Comodo to sell it a three year certificate enabling it to sign its own malware.

Valid and stolen certificates are useful to malware distributors since the certificates should indicate that a Certificate Authority has verified the file’s authenticity, Assolini points out.

From there, the cybercriminals went on to sign their banking trojan ahead of a mass spam campaign that urged online banking customers to install an update. One of the trojans was presented as a HP Digital Assistant for a printer.

According to Assolini, Comodo sold the certificates on 28 May this year but yanked them 15 days later after a local security company alerted it to the fraud.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the CSO newsletter!

Error: Please check your email address.

More about ComodoCSOHPKasperskyKaspersky

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

More videos

Blog Posts