Malware targeting GnuPG/PGP Keyrings

Ingo Klöcker kloecker at
Fri Sep 26 21:49:08 CEST 2008

On Thursday 25 September 2008, Robert J. Hansen wrote:
> David Shaw wrote:
> > It seems odd for a malware author to spend time going after such a
> > small "target market".  Going after company-wide installs, perhaps?
> I would imagine the author thinks people with keyrings are high-value
> targets, who will be putting high-value secrets in encrypted mails. 
> But that's just a guess on my part.

I'd say OpenPGP keys used for signing software (e.g. the source code of 
GnuPG) are much more valuable than keys used for encrypting messages, 
at least, for people who are constantly trying to get other people to 
install their malware. Imagine a trojan GnuPG with a valid signature 
made with Werner Koch's key.
