Analysts with UK-based Internet research firm Netcraft have discovered a considerable number of fake SSL certificates in the wild, created to impersonate banks, social networks, payment and ecommerce providers, and so on.
Since 2009, variants of the Winwebsec rogue AV family have been trying to trick users into believing their computer has been infected and into paying for “registering” the software to get rid of the (non-existent) threat.
Opera Software has finally come out with more details about the recent compromise of its internal infrastructure, the theft of an expired code signing certificate, and the delivery of malware signed with it through the auto-update mechanism to Opera users.
A breach of the Opera Software internal infrastructure has resulted in the theft of an expired Opera code signing certificate and used it to sign a piece of malware, package it and push it out as an update for the Opera browser.
Every business and government is dependent upon cryptographic keys and certificates to provide trust for critical communications.