It's Signed, therefore it's Clean, right?
Windows Vista and Windows 7 in particular have brought a lot of changes that improve security. One of them is to encourage Authenticode signature on binaries and get developers to sign their software. Authenticode signing is claimed to improve system security and make it easier to establish that some particular piece of software can be trusted. After all as long as signature is valid the binary has not been tampered with. However along with the rise in the number of signed applications we have also started to see a lot more malware that has valid signature created with certification authority signed key. A something we have not seen before. This presentation proves insight into scope of the problem, just how much signed malware is out there, why it has been signed, and what should be done about the problem.