Peter Gutmann writes:
-+-------------------
 | This means that once a particular signed binary has been detected
 | as being malware the virus scanner can extract the signing
 | certificate and know that anything else that contains that
 | particular certificate will also be malware, with the certificate
 | providing a convenient fixed signature string for virus scanners
 | to look for.
 |

One would assume that the effort to get such a signing certificate
would persuade the bad team to use that cert for targeted attacks,
not broadcast ones, in which case you would be damned lucky to
find it in a place where you could then encapsulate it in a
signature-based protection scheme.

--dan

good reading:

Cormac Herley, The Plight of the Targeted Attacker in a World of Scale
http://research.microsoft.com/pubs/132068/TargetedAttacker.pdf

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
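
An added illustration, not part of either poster's message: the certificate-as-signature matching described in the quoted passage, sketched as a scan for embedded DER SEQUENCEs whose SHA-256 fingerprint is on a blocklist. The certificates and binaries are constructed stand-ins rather than real X.509 or PE data, and all function names are hypothetical.

```python
import hashlib

def read_der_length(buf, pos):
    """Return (content_length, header_size) for the DER element at pos, or None."""
    if pos + 2 > len(buf):
        return None
    first = buf[pos + 1]
    if first < 0x80:                       # short form: length in one octet
        return first, 2
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or n > 4 or pos + 2 + n > len(buf):
        return None
    return int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n

def candidate_sequences(buf, min_len=16):
    """Yield every byte run that parses as a complete DER SEQUENCE (tag 0x30)."""
    pos = buf.find(b"\x30")
    while pos != -1:
        parsed = read_der_length(buf, pos)
        if parsed:
            length, header = parsed
            end = pos + header + length
            if length >= min_len and end <= len(buf):   # skip truncated elements
                yield buf[pos:end]
        pos = buf.find(b"\x30", pos + 1)

def flagged_certs(buf, blocklist):
    """Return the blocklisted SHA-256 fingerprints embedded anywhere in buf."""
    found = {hashlib.sha256(s).hexdigest() for s in candidate_sequences(buf)}
    return sorted(found & blocklist)

def der_seq(content):
    """Wrap content in a DER SEQUENCE header (helper for the constructed data)."""
    n = len(content)
    if n < 0x80:
        return b"\x30" + bytes([n]) + content
    size = (n.bit_length() + 7) // 8
    return b"\x30" + bytes([0x80 | size]) + n.to_bytes(size, "big") + content

# Constructed stand-ins, not real certificates or real binaries.
BAD_CERT = der_seq(b"constructed signer A " * 12)
OTHER_CERT = der_seq(b"constructed signer B " * 12)
BLOCKLIST = {hashlib.sha256(BAD_CERT).hexdigest()}   # taken from the first detection

SAMPLE_1 = b"MZ" + b"\x00" * 64 + BAD_CERT + b"\x00" * 8   # the detected sample
SAMPLE_2 = b"MZ" + b"\x90" * 300 + BAD_CERT                # different body, same signer
CLEAN = b"MZ" + b"\x00" * 64 + OTHER_CERT                  # different signer

if __name__ == "__main__":
    for name, blob in [("sample_1", SAMPLE_1), ("sample_2", SAMPLE_2), ("clean", CLEAN)]:
        print(name, flagged_certs(blob, BLOCKLIST))
```

The blocklist entry exists only because one sample carrying the certificate was already caught, which is the precondition the reply questions for targeted use.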