Fake Certificate in Malware – with Message
Avira TechBlog: The malware authors every now and then send us virus researchers some messages. For example in the compiled binary itself, or as debug output. Now we found a Zbot Trojan variant which tries to evade detection by carrying a digital certificate and therewith looking more legitimate. And this certificate is registered to “DetectMe! 🙂 ”, also adding random data behind the certificate.
</p>
</p>
We see hints like these regularly – malware authors proposing names for their malicious creations or suggesting a place where a signature based detection would be suitable. Of course, such hints are ignored by us for detection but make us smile for a short time.
In this special case, our heuristics already notice other suspicious properties of the file and Avira thus detects the malware as TR/Crypt.ULPM.Gen.
Leave a comment