Here these two topics intersect under some interesting circumstances (which will be elaborated shortly):
As you can see from the table, the Aventura package has a valid digital signature. In this case the detected binary is not signed, but its container (WebClient.cab) is properly signed. This means you are supposed to trust the binary when you approach it from outside (and so perhaps does your browser in default settings?!).
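One way to check the container and its contents separately, as an added example that is not from the original post: a PowerShell script that extracts a CAB into a temporary directory and reports the Authenticode status of the container and of each member on its own. The `$CabPath` parameter and the temporary directory name are assumptions; nothing extracted is executed.

```powershell
# Added example: compare the Authenticode status of a signed CAB with the
# status of every file it contains. The path passed in is supplied by the analyst.
param(
    [Parameter(Mandatory)] [string] $CabPath   # e.g. a downloaded WebClient.cab
)

$ErrorActionPreference = 'Stop'
$cab = Get-Item -LiteralPath $CabPath

# Extract into a throwaway directory; the members are only read, never run.
$dest = Join-Path ([IO.Path]::GetTempPath()) ("cabcheck_" + [Guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $dest | Out-Null

try {
    # expand.exe ships with Windows; -F:* extracts every member of the cabinet.
    & expand.exe $cab.FullName '-F:*' $dest | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "expand.exe failed with exit code $LASTEXITCODE" }

    $targets = @($cab) + @(Get-ChildItem -LiteralPath $dest -Recurse -File)
    $report = foreach ($f in $targets) {
        $sig = Get-AuthenticodeSignature -LiteralPath $f.FullName
        [pscustomobject]@{
            Role   = if ($f.FullName -eq $cab.FullName) { 'container' } else { 'member' }
            File   = $f.Name
            Status = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
            Signer = $sig.SignerCertificate.Subject   # empty when the file is unsigned
            SHA256 = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        }
    }
    $report | Format-Table -AutoSize

    # The situation described above: the container verifies, a member has no valid signature.
    $containerOk = ($report | Where-Object Role -eq 'container').Status -eq 'Valid'
    $unsigned = @($report | Where-Object { $_.Role -eq 'member' -and $_.Status -ne 'Valid' })
    if ($containerOk -and $unsigned.Count -gt 0) {
        Write-Warning ("Signed container with {0} member(s) lacking a valid signature of their own; assess them separately." -f $unsigned.Count)
    }
}
finally {
    Remove-Item -LiteralPath $dest -Recurse -Force
}
```

The SHA256 column lets each member be looked up or submitted for analysis independently of the container's signer.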
As in real life – where you are responsible for everything you sign – the developer is responsible for what he puts into the package and what he certifies. Remember, the balance between benign code injection and malicious code injection is on a razor’s edge. A similar example also arrived at our FP submission system:
Read full article at blog.avast.com.
by Michal Krejdl