Adobe overhauls digital signing system post-attack

Software giant rushes to fix signing system following discovery of digitally signed malware.

Malware

Software giant Adobe is to overhaul its digital signing procedures after the discovery of two malware samples carrying the firm's digital certificate of approval.

The certificate's presence means the "malicious utilities" would have been treated as safe by end users' computers.

We believe the vast majority of users are not at risk.

In a blog post, confirming the discovery, Adobe said the malware had been traced back to a single source and that a "compromised build server" had been discovered with access to the firm's code signing infrastructure.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"We immediately decommissioned the existing Adobe code signing infrastructure and initiated a forensics investigation to determine how these signatures were created," said the blog post.

"We are proceeding with plans to revoke the certificate and publish updates for existing Adobe software signed using the impacted certificate."

The firm said signed samples of malware are often used in "highly targeted attacks", but said the "vast majority" of users were not at risk.

The software vendor has introduced an interim signing service, featuring an offline human verification stage, and revealed that it is working on a replacement system.

It will also be revoking all affected certificates, issued after 10 July 2012, on Thursday 4 October 2012.

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now
Advertisement

Recommended

Visit/malware/33080/hackers-abuse-linkedin-dms-to-plant-malware
malware

Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019
Visit/pdf-software/29855/why-it-s-time-to-take-your-documents-digital
document management systems (DMS)

Why it’s time to take your documents digital

7 Feb 2020
Visit/security/malware/28083/the-five-best-free-malware-removal-tools
Security

Best free malware removal tools 2019

23 Dec 2019
Visit/business-strategy/34599/adobe-shuts-down-service-to-venezuela
Business strategy

Adobe shuts down service to Venezuela

9 Oct 2019

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/technology/artificial-intelligence-ai/354796/ai-identifies-11-earth-bound-asteroids
artificial intelligence (AI)

AI identifies 11 earth-bound asteroids

18 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Visit/business/business-operations/354790/hp-shareholders-invited-to-come-dine-with-xerox
Business operations

HP shareholders invited to come dine with Xerox

17 Feb 2020