An anonymous reader writes: Security firm AVG released its Q2 threat report this week and raises the alarm about an alarming increase of the use of stolen certificates to sign malware. This bypasses many security mechanisms that have a blind trust in signed code.
"The report also highlights the rise of trusted malware, particularly in Q2, where cyber criminals are stealing legitimate security certificates to sign their malware, making it undetectable by many security systems.
As digitally signed code enables binary code to execute on a PC, cyber criminals are increasing their efforts to steal digital certificates, says AVG Threat Lab, which detected more than 53,800 pieces of signed malware in the first five months of 2011.
This represents a 38% increase over the figure for all of 2010 and a more than 300% increase on the monthly average."