Browser maker Opera Software says an attack on its internal network took advantage of its update service and led to the theft of at least one old and expired code-signing certificate that hackers used to sign malware, making it look legitimate to victims and thus safe to use. This has allowed them to distribute malicious software that incorrectly appears to have been published by Opera Software or appears to be the Opera browser, Opera stated. The company released no other details. Because of the scheme, any Windows user who downloaded the malware thinking it was the Opera browser and tried to install the browser on 19 June 2013 may have installed the malicious software instead. This is an example of how hackers are increasingly focusing attacks on software firms’ internal networks -- which allows them to have the ability sign files and to escalate their own privileges in order to move more freely within the network -- rather than individual users, according to security experts. (SlashDot)(Security Week)(The Opera Security Group)
Friday, July 26, 2013
Opera Says Network Attack Lets Hackers Certify Malware
