The hacking of major certificate authorities, Comodo and DigiNotar, has been somewhat addressed by certificate blacklists and revocations. Despite these measures, however, the fallout of the hacks continues. As picked up by PC Magazine,
This week Kaspersky has discovered malicious droppers – programs that install malware – bearing stolen VeriSign certificates originally issued to a Swiss company called Conpavi AG.
One of the droppers carries a 32-bit driver containing a malicious DLL, which gets injected into your Internet browser process. A malicious 64-bit dropper injects the DLL directly.
From there, the DLL reroutes all your search queries in Google, Yahoo!, and Bing, to a pay-per-click search engine called Search 123. Search 123 makes money off people who search and click on their results.
As a colleague of mine commented, this is just another nail in X.509’s coffin. Let’s just hope that not too many innocents are buried along with it.