What agency issued a digital signature for the Cryptowall 2.0 ransomware virus?

Question

What agency issued a digital signature for the Cryptowall 2.0 ransomware virus?

Is it too early to tell? As far as I know this is how Microsoft planned to prevent malware, by adding a digital certificate to the BIOS, or to any of the programs that get loaded on a Windows machine.

As far as I know, the malware is smart enough to delete all of the browser history on the day the system is attacked; which makes it impossible (from the desktop at least, maybe not from the router) to figure out what IP it came from.

But a digital certificate is only as good as the company that issues them; if there's human-corruption within that company then our data is all doomed.

Who signed Cryptowall 2.0?

Explanation / Answer

You are technically wrong when you say "signed the virus". the CA NEVER signs any code. What CA can do, is issue a code-signing certificate. Then the MAKER of the virus do sign the code. This means the CA never see the code and you can't really blame the CA for issuing a code-signing certificate.

The Point of a code-signing certificate, is to bind the code to the person who signed it. So if the CA did a correct verification here, and the code-signing certificate was not leaked, then you should have the virus maker's personal details right in front of you, and it should be easy to get him prosecuted and liable for financial loss due to the virus.

Related Questions

Navigate

• Browse (All)
• Browse W
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.