Submission + - Stealthy malware infects digitally-signed files without altering hashes (theregister.co.uk)
One of three file size checks is not properly conducted by Microsoft's Authenticode allowing VXers to alter expected values so that infected digitally-signed files appear valid