Kaspersky
Solved

What does HEUR:Trojan.Multi.Blacert.a try and do?

  • 9 November 2021
  • 5 replies
  • 113 views

We have found the following trojan on one of our devices:

 

HEUR:Trojan.Multi.Blacert.a

 

Unfortunately the analyst deleted the file before we got a chance to investigate if it was a false positive or not.

 

I cannot find any details on this trojan other than some references to Kaspersky finding it.

 

Can anyone tell me anything about this malware? What are its exploit methods, or any protocols it tries to leverage?


Thanks in advance.


Best answer by Danila T. 2 December 2021, 08:11




@Dave R Welcome.

Is the detection available in Kaspersky → More Tools → Reports → (Select “Time”)?


Hi, similar to another unresolved post…

A Trojan was found and removed on my work computer.

What are HEUR:Trojan.Multi.Blacert.a's intentions?


Hello,

This is a detection on the leaked Dell certificate that was used to sign the malware.

Thank you, Danila.

Is this the Dell root certificate for which the private keys were leaked online?

Is the below basically correct?

If your Dell PC contains this certificate, it might be vulnerable to this threat. A PC with this certificate could be vulnerable to SSL/TLS spoofing attacks, and can allow an attacker to digitally sign binaries so that they are trusted by the affected PC. This can give an attacker control over your PC and browsing experience.

The certificates can be found in Dell PCs running the following Windows operating systems:

  • Windows 10
  • Windows 8.1
  • Windows 8
  • Windows 7

An attacker can exploit a certificate using phishing or man-in-the-middle attacks to decrypt, modify or spoof HTTPS websites, such as banking, social media, or email websites.

This could allow a malicious hacker to steal your user names, passwords, and confidential data. They could also carry out transactions without your knowledge, even when it seems like you have a secure browser connection to a website.


@Dave715 Yes, that's right.
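The check a practitioner would want after reading Dave715's summary above, as an added example that is not code from this thread, from Kaspersky or from Dell: audit the Windows trust stores for the leaked Dell root and, more generally, for any trusted root whose private key is present on the PC (that is what made the Dell certificate abusable for TLS interception and for signing binaries the machine trusts), and test whether a quarantined file's Authenticode signature chains to that root before the sample is deleted. It assumes an elevated PowerShell 5.1 or later prompt on the affected machine; the subject names eDellRoot and DSDTestProvider are the two Dell-shipped root certificates whose private keys became public in November 2015, and the function names and the removal prompt are mine.

```powershell
# Added example, not code from the thread or from Kaspersky/Dell.
# Assumes an elevated PowerShell 5.1+ prompt on the Windows PC in question.
# 'eDellRoot' and 'DSDTestProvider' are the Dell root certificates whose private
# keys leaked in 2015; the HasPrivateKey check catches the same class of problem
# regardless of the certificate's name.

function Find-SuspiciousRootCert {
    [CmdletBinding()]
    param(
        [string[]]$Stores = @('Cert:\LocalMachine\Root', 'Cert:\LocalMachine\CA', 'Cert:\CurrentUser\Root'),
        [string]$KnownBadPattern = 'eDellRoot|DSDTestProvider'
    )
    foreach ($store in $Stores) {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue | ForEach-Object {
            $reasons = @()
            if ($_.Subject -match $KnownBadPattern) { $reasons += 'subject matches a known leaked Dell root' }
            # A CA certificate in a trust store should never carry its private key;
            # if it does, anyone with local access can mint TLS or code-signing
            # certificates that this PC will accept as trusted.
            if ($_.HasPrivateKey) { $reasons += 'trusted root has a private key on this machine' }
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Store      = $store
                    Subject    = $_.Subject
                    Thumbprint = $_.Thumbprint
                    NotAfter   = $_.NotAfter
                    Reason     = ($reasons -join '; ')
                    PSPath     = $_.PSPath
                }
            }
        }
    }
}

function Test-SignedByRoot {
    # Returns $true if the file's Authenticode signature chains up to a root whose
    # subject matches $RootPattern. Run this on a quarantined sample before it is
    # deleted, so "was it signed with the leaked certificate?" can be answered.
    param(
        [Parameter(Mandatory)][string]$FilePath,
        [string]$RootPattern = 'eDellRoot|DSDTestProvider'
    )
    $sig = Get-AuthenticodeSignature -FilePath $FilePath
    if (-not $sig.SignerCertificate) { return $false }   # unsigned file
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip revocation lookups so the check works offline on an isolated machine.
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    [void]$chain.Build($sig.SignerCertificate)          # builds a chain even if it is untrusted
    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    return [bool]($root.Subject -match $RootPattern)
}

# Report first; remove only when explicitly confirmed.
$findings = @(Find-SuspiciousRootCert)
if ($findings.Count -eq 0) {
    Write-Host 'No leaked Dell roots and no private-key-bearing trusted roots found.'
} else {
    $findings | Format-Table Store, Subject, Thumbprint, Reason -AutoSize
    $answer = Read-Host 'Remove the certificates listed above, including their private keys? [y/N]'
    if ($answer -eq 'y') {
        foreach ($f in $findings) {
            # -DeleteKey removes the associated private key along with the certificate.
            Remove-Item -Path $f.PSPath -DeleteKey
        }
    }
}
```

Two caveats when using this. First, deleting the certificate alone was not enough on the affected Dell models: the Dell Foundation Services software that installed eDellRoot re-added it, so that component has to be removed or updated as well, following Dell's published removal instructions. Second, `Test-SignedByRoot` tells you only which root the signature chains to, not whether the file is malicious; a legitimate Dell-signed binary and a malicious one signed with the leaked key both return `$true`, which is exactly why a detection keyed on the certificate rather than on the file's behaviour fires in both cases.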
