Malware targeting GnuPG/PGP Keyrings
dshaw at jabberwocky.com
Sat Sep 27 03:48:53 CEST 2008
On Sep 26, 2008, at 3:49 PM, Ingo Klöcker wrote:
> On Thursday 25 September 2008, Robert J. Hansen wrote:
>> David Shaw wrote:
>>> It seems odd for a malware author to spend time going after such a
>>> small "target market". Going after company-wide installs, perhaps?
>> I would imagine the author thinks people with keyrings are high-value
>> targets, who will be putting high-value secrets in encrypted mails.
>> But that's just a guess on my part.
> I'd say OpenPGP keys used for signing software (e.g. the source code
> GnuPG) are much more valuable than keys used for encrypting messages,
> at least, for people who are constantly trying to get other people to
> install their malware. Imagine a trojan GnuPG with a valid signature
> made with Werner Koch's key.
That's a good point. At the moment, the majority of OpenPGP keys used
for signing software exists in the Unixish world, which as a class are
reasonably less vulnerable (for both engineering and user base
reasons) to this sort of malware. Still, compromises do happen and
will inevitably happen more. Just a few weeks ago, the Red Hat folks
had a breakin where the attacker managed to sign a few RPMs for their
Enterprise Linux distribution: <http://rhn.redhat.com/errata/RHSA-2008-0855.html
More information about the Gnupg-users