nss Cybersecurity As a Service
nss Privileged Access Management
nss MSP & ITSP Integrated Solutions
nss Data Security Management
nss Password Management for MSPs
nss Vulnerability Assessment & Management
nss Application Security Testing for Enterprise
nss Link Load Balancing, Wifi & SDWAN
nss Next-gen threat resilience
nss Document Security
nss Server Load Balancing, Secure GW, WAN Optimization
nss Email Archiving
nss PKI Solutions & Identity Services
nss Tiered Backup Storage
nss Physical / Virtual Backup & Disaster Recovery
nss Secure Critical Communications
nss SIEM & Log Management
nss Threat & Vulnerability Management Platform
PRODUCTS
PRODUCTS
Facebook Twitter Linkedin Youtube Rss
nss
nss
nss
nss
nss
nss
nss
nss
nss
nss
nss
nss
nss
nss
nss
nss
nss
nss

Opera breached, has code cert stolen, possibly spreads malware – advice on what to do

On June 19th we uncovered, halted and contained a targeted attack on our internal network infrastructure. Our systems have been cleaned and there is no evidence of any user data being compromised. We are working with the relevant authorities to investigate its source and any potential further extent. We will let you know if there are any developments. The current evidence suggests a limited impact. The attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware. This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser. It is possible that a few thousand Windows users, who were using Opera between 01.00 and 01.36 UTC on June 19th, may automatically have received and installed the malicious software. To be on the safe side, we will roll out a new version of Opera which will use a new code signing certificate“.

The conclusions we reached, based on the announcement above, were:

  • The network was breached.
  • A code-signing key was stolen.
  • Malware has been signed with it and circulated.
  • At least one infected file was posted on an Opera server.
  • That file may have been downloaded and installed by Opera itself.
  • Cleanup and remediation has now been done at Opera.
  • That sounds a bit more like Security breach not stopped.
  • How else could a signed-and-infected file have been automatically downloaded by an already-installed instance of Opera? Anyway, wouldn’t Opera’s auto-update have failed or produced a warning due to the expired certificate? Until Opera has worked out the answer to these questions, Opera users probably want to assume the worst.

The good news is that the malware involved is widely detected by anti-virus tools, and the period of possible exposure via Opera itself was at most 36 minutes.

→ According to Opera, Sophos products block the offending file as Mal/Zbot-FG.

So, if you are an Opera for Windows user:

  • Download a fresh copy of the latest version (since the buggy download appears to be a thing of the past).
  • Make sure your anti-virus is up to date.
  • If you can spare the time, do an on-demand (“scan now”) check of your computer.
  • If we find out more detail about whether malware was distributed by existing Opera installations or not, we’ll let you know.

You can read the original article, here.

Are you ready to move on to the next level?
Contact us
Facebook Twitter Linkedin Youtube Rss

NSS

Visitor Info

Operating System: -
IP Address: 18.189.32.162

Contact us

Emergency Disinfection
Copyright © NSS. All Rights Reserved.
website by 9AM