You'll love this one:
https://www.wired.com/story/zloader-mic ... tion-hack/
The widely used malware ZLoader crops up in all sorts of criminal hacking, from efforts that aim to steal banking passwords and other sensitive data to ransomware attacks. Now, a ZLoader campaign that began in November has infected almost 2,200 victims in 111 countries by abusing a Windows flaw that Microsoft fixed back in 2013.
Microsoft calls its code-signing process “Authenticode.” It released a fix in 2013 that made Authenticode's signature verification stricter, to flag files that had been subtly manipulated in this way. Originally the patch was going to be pushed to all Windows users, but in July 2014 Microsoft revised its plan, making the update optional.
https://www.zdnet.com/article/malsmoke- ... erattacks/
"Microsoft addressed the issue in 2013 with a Security Bulletin and pushed a fix," the researchers say. "However, they stated after implementing it that they 'determined that impact to existing software could be high.' Therefore, in July 2014, they pulled the stricter file verification and changed it to an opt-in update. In other words, this fix is disabled by default, which is what enables the malware author to modify the signed file."
I have the fix in my XP download shit, but it's not activated. Don't necessarily think I should turn it on either. I don't wanna listen to people bitch. But, if you want it on:
https://docs.microsoft.com/en-us/securi ... dfrom=MSDN
For 32-bit versions of Microsoft Windows
Paste the following text in a text editor such as Notepad. Then, save the file by using the .reg file name extension (for example, enableAuthenticodeVerification.reg).
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config]
"EnableCertPaddingCheck"="1"
You can apply this .reg file to individual systems by double-clicking it.
Note: You must restart the system for your changes to take effect.
I guess if you don't like the results, turning it off should be easy:
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config]
"EnableCertPaddingCheck"="0"
Again, double-click, restart.
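Added example, not part of the original post and not Microsoft's code: a defender-side check for bytes left over after the PKCS#7 signature inside a PE file's first WIN_CERTIFICATE entry, which is the kind of leftover data the stricter verification is concerned with. The "more than 7 bytes or any non-zero byte" rule is an assumed approximation of that check, and `build_sample` produces a constructed skeleton with a dummy signature blob, not a real signed file.

```python
import struct

def der_total_length(blob: bytes) -> int:
    """Size of the outer DER SEQUENCE: header plus content."""
    if len(blob) < 2 or blob[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if blob[1] < 0x80:                        # short-form length
        return 2 + blob[1]
    n = blob[1] & 0x7F                        # long form: n length octets follow
    if not 1 <= n <= 4 or len(blob) < 2 + n:
        raise ValueError("unsupported DER length")
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")

def cert_table(pe: bytes) -> bytes:
    """Raw attribute certificate table (security data directory) of a PE image."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = nt + 24                             # start of the optional header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)
    # Directory index 4 is the security directory; its address is a file offset.
    off, size = struct.unpack_from("<II", pe, dirs + 4 * 8)
    return pe[off:off + size]

def extra_signature_bytes(pe: bytes) -> bytes:
    """Bytes in the first WIN_CERTIFICATE that follow the PKCS#7 blob."""
    table = cert_table(pe)
    if len(table) < 8:
        return b""                            # no signature present
    dw_length, _revision, _cert_type = struct.unpack_from("<IHH", table, 0)
    body = table[8:dw_length]
    return body[der_total_length(body):]

def looks_padded(pe: bytes) -> bool:
    """Assumed rule: up to 7 zero bytes is alignment, anything else is suspect."""
    extra = extra_signature_bytes(pe)
    return len(extra) > 7 or any(extra)

def build_sample(trailer: bytes) -> bytes:
    """Constructed PE32+ skeleton with a dummy 6-byte DER blob plus trailer."""
    body = b"\x30\x04\x05\x00\x05\x00" + trailer
    cert = struct.pack("<IHH", 8 + len(body), 0x0200, 0x0002) + body
    pe = bytearray(0x200)
    pe[:2], pe[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", pe, 0x3C, 0x80)
    struct.pack_into("<H", pe, 0x98, 0x20B)
    struct.pack_into("<II", pe, 0x128, 0x200, len(cert))
    return bytes(pe) + cert
```

To use it on a real file, pass the file's bytes to `looks_padded`; a `True` result means the file deserves a closer look, not that it is malicious.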