Nvidia: Hackers use certificates to disguise viruses as graphics card drivers

Nvidia’s confidential data was stolen, which made the majority of users eat a lot of melons. But from now on, everyone should be careful, don't just focus on eating melons. Because hackers are using stolen data to create viruses that can fool the system. The leaked data includes two signing certificates that Nvidia developers use to sign drivers and executables.

After obtaining the certificate, hackers can deceive the system by disguising malicious programs as software developed by Nvidia, such as graphics card drivers. Online virus-checking platform VirusTotal shows that hackers have begun trying to sign remote-access Trojans with certificates. Security personnel also took notice.

Now hackers and security personnel are engaged in an offensive and defensive battle. Hackers upload the packaged virus to VirusTotal, which integrates almost all antivirus software on the market. If it is not detected by anti-virus software, it means that the malicious code is relatively safe and can be put into use.

In addition to the Trojans mentioned above, there are people who sign Windows drivers with certificates. Although the certificate used for signing has expired, it still poses a risk to Windows systems.

In order to ensure backward compatibility and prevent the system from being unable to boot, Windows systems will accept drivers issued with certificates before July 29, 2015 in some cases. So with an expired certificate, the virus can also disguise itself as a legitimate Nvidia driver.

So what should users do to prevent poisoning? David Weston, director of corporate and operating system security at Microsoft, gave the countermeasure on Twitter: Configure the Windows Defender Application Control Policy as an administrator, so you can control which drivers can be loaded and prevent viruses from being loaded into the system.

However, using this method is more complicated and not suitable for computer novices. It has been suggested that Microsoft revoke the license for the two expired Nvidia certificates, which in turn could lead to the blocking of the real Nvidia driver.

Microsoft is really having a hard time. But the good news is that although the system's built-in anti-virus software is not easy to use, the scan results of VirusTotal show that many anti-virus software can detect disguised viruses, and things may not be as bad as imagined.

Post a Comment