The malware uses a certificate for mardi.gov.my, the domain of the Agricultural Research and Development Institute of Malaysia. That agency told F-Secure that the certificate had been stolen "quite some time ago." It expired at the end of September, so it is no longer effective for authentication.
The Trojan program, which F-Secure detected as Agent.DTIW, spreads via malicious PDF files that exploit a vulnerability in Adobe Reader 8, according to the F-Secure blog.
"The malware downloads additional …