Two pieces of malware have been found. Ordinarily, the discovery of new malware programs does not receive more than a fleeting glance or mention in an antivirus update.
These two pieces of malware are unique because their creators figured out a way to sign them with the Adobe certificate used to sign its software builds. This certificate is used to verify that a program is indeed a genuine Adobe product. Once the authenticity is verified, the program installation completes.
This is indeed scary (appropriate for the Halloween month) because the malware appears to be blessed by an Adobe security certificate. Adobe claims that “We have strong reason to believe that this issue does not present a general security risk. The evidence we have seen has been limited to a single isolated discovery of two malicious utilities signed using the certificate and indicates that the certificate was not used to sign widespread malware.”
Maybe it is not “widespread” at the moment, but it is a downright nasty thought that the bad guys have something like this on the street. One of the products affected is the CreatePDF Desktop Printer. You can get the corrected certificate for CreatePDF Desktop Printer now.
Since the certificates will be deactivated by Adobe, you will need to go to the Adobe site and obtain the new ones. A total of twenty-seven products are affected by this certificate revocation. If your Adobe product is not listed on this certificate update page, you do not need to do anything.
Adobe will be revoking the affected certificates on Thursday, October 4th. I recommend you get the new certificates ASAP.
Until the certificate is indeed cancelled by Adobe, I would recommend holding off on any software installations that are not from a major company. After that, pay attention to any program install that gives you an Adobe certificate error, and do not finish that install, as you may be installing some malware.
Photo via flickr by Sophos D/A/CH Presseinfo