zScaler: Resurgent Lethic using Stuxnet Tricks

ID THREATPOST:04B222C36E50811C64E29AE6554D4BBF
Type threatpost
Reporter Paul Roberts
Modified 2013-04-17T16:35:42


Newly detected versions of the Lethic botnet are digitally signed using stolen credentials similar to those used by the Stuxnet worm, according to a blog post from Web security firm zScaler.

In a blog post Wednesday, zScaler Senior Security Researcher Mike Geide said the company had intercepted new Lethic variants that were signed using legitimate digital signatures belonging to Taiwanese semiconductor firm Realtek Semiconductor Corp. That’s one of two firms whose credentials were used to help the Stuxnet worm fool detection systems and install itself on target systems.