Malware targeting GnuPG/PGP Keyrings

David Shaw dshaw at
Sat Sep 27 03:48:53 CEST 2008

On Sep 26, 2008, at 3:49 PM, Ingo Klöcker wrote:

> On Thursday 25 September 2008, Robert J. Hansen wrote:
>> David Shaw wrote:
>>> It seems odd for a malware author to spend time going after such a
>>> small "target market".  Going after company-wide installs, perhaps?
>> I would imagine the author thinks people with keyrings are high-value
>> targets, who will be putting high-value secrets in encrypted mails.
>> But that's just a guess on my part.
> I'd say OpenPGP keys used for signing software (e.g. the source code  
> of
> GnuPG) are much more valuable than keys used for encrypting messages,
> at least, for people who are constantly trying to get other people to
> install their malware. Imagine a trojan GnuPG with a valid signature
> made with Werner Koch's key.

That's a good point.  At the moment, the majority of OpenPGP keys used  
for signing software exists in the Unixish world, which as a class are  
reasonably less vulnerable (for both engineering and user base  
reasons) to this sort of malware.  Still, compromises do happen and  
will inevitably happen more.  Just a few weeks ago, the Red Hat folks  
had a breakin where the attacker managed to sign a few RPMs for their  
Enterprise Linux distribution: < 


More information about the Gnupg-users mailing list