Following the recent leak of D-Link private keys that allowed malware to disguise itself as legitimate Windows apps, Microsoft finally issued an order to revoke the leaked code-signing key.
According to The Register, the Taiwanese networking equipment manufacturer D-Link started leaking private keys in February. An investigation shows that the keys expired on Sept. 3.
Online security experts said that during that six-month period, hackers could use those keys to digitally sign their malware and disguise it as a legitimate D-Link application. This means that a piece of software signed using D-Link's private keys could run freely on an unsuspecting victim's computer and infect it.
Hidden among the GPL-licensed source files were passphrases and code-signing certificates that can be used to unlock not only D-Link's private keys but also those of several other corporations. Reports claim that private keys from KEEBOX, Alpha Networks and Starfield Technologies were also leaked.
Fox-IT researcher Yonathan Klijnsma confirmed that all the leaked D-Link private keys were valid. Klijnsma told Kaspersky's Threatpost, "I think this was a mistake by whoever packaged the source code for publishing. The code signing certificate was only present in one of the source code packages with a specific version."
Experts said that even if Microsoft did not revoke the keys, they would still be useless since they have already passed their expiration date. Upon expiration, Windows will detect that these keys are suspicious and can no longer be trusted.
On D-Link's part, the company has already released an update to its firmware in order to remove the leaked certificates.