Adobe's
revocation of a code-signing certificate that had been used by attackers to sign several malicious utilities sparked concerns in the security community about widespread malware attacks using those utilities. The key concern was that most antimalware systems will implicitly trust files that are digitally signed and so would pass them by without flagging them as malicious. However, security researchers say that the utilities, while still circulating, aren't being used in large-scale attacks.
Adobe announced last week that it planned to revoke the certificate, saying that attackers had been able to compromise a machine on the company's network and then gain access to a build server. The attackers then were able to request signatures from the Adobe certificate, which they received for three separate pieces of malware. Adobe actually revoked the certificate on Thursday, and Microsoft researchers took a look at the use of the three signed malware samples to see how often they were being used.
The three malicious utilities to look out for are PwDump7.exe, libeay.dll and myGeeksmail.dll.
