Adobe revokes certificate after server hack

Computer users were cautioned over the weekend against at least two new malware that bear the digital signature of Adobe, the company behind the popular Flash and Reader software.

 

Adobe security chief Brad Arkin said hackers managed to create malicious files with Adobe's digital code-signing signature after compromising a vulnerable server.

 

Security vendor Sophos said the malware using Adobe's digital signature includes:

 

- pwdump7 v 7.1, a utility that scoops up password hashes, and is sometimes used as a single file that statically links the OpenSSL library libeay32.dll.

 

- myGeeksmail.dll, a malicious ISAPI filter.

 

"Adobe plans next week to revoke the certificate for all code signed before July 10, 2012, according to an advisory from the company," Sophos said.

 

It said the certificate revocation will affect the sha1RSA certificate issued to Adobe Systems Inc. by VeriSign.

 

The certificate is Valid from December 14, 2010 until Dec. 14, 2012.

 

"However, even when a CA (Certificate Authority) revokes a certificate for an abused private key, any digital signature made before the revocation date will remain valid," Sophos noted.

 

Sophos added Adobe will be publishing updates for existing Adobe software products signed using the compromised certificate.

 

For its part, Sophos said it has released detection for the malicious files that Adobe references in its advisory, identifying them as Troj/HkCert-A. — TJD, GMA News