Feb 22, 2018

Dupe an antivirus program for under $300


Researchers at Recorded Future profiled the only two large sellers of fraudulently acquired “software certificates” in a new report. With prices as low as $299, the illicit certificates can evade some digital defenses on the cheap.

Why it matters: Software certificates are essentially a high-tech way for computers to ask a trusted third party, “hey, have you ever heard of this program?” If that system breaks down, unsuspecting users may end up installing malware without any warning.

  • The details: A criminal can purchase certificates through one of the vendors for between $299 (for a low-end certificate from the antivirus firm Comodo, allowing a program to start building a reputation for not being malicious) and $1,599 (for a certificate from Symantec that has already passed those filters).
  • The nitty-gritty: The vendors both appear to be selling primarily to an Eastern European market through hacker forums.
  • Does it work? It sure seems to. The report found that malware caught by eight mostly high-end antivirus programs was caught by only two antivirus programs once the fraudulent certificate was added.
    • “It can effectively be used to obfuscate malware from any antivirus program,” Andrei Barysevich, the researcher behind the report, told Axios.
  • Only two? Recorded Future is a threat intelligence firm that operates like a search engine for the darkest corners of the internet that search engines are unable to access. Their search and consultation with experts only turned up the two major vendors of fake certificates.
