
Please read if you have you or are you downloading Windows Software.

Community Veteran
Posts: 5,471
Thanks: 1,451
Fixes: 34
Registered: 16-10-2014


If you have or are then you may want to check the root certificate of the certificate used to sign the installer.

Sha1 thumbprint:    33FCD70343BBE07972D73CDEFDEB3C9F4DCEFE28
Validity:           2015-07-21 23:05:08 -> 2020-07-20 23:05:08

The above is a forged Google Root Certificate that has all EKUs enabled so can be used for any purpose. If you find the details above remove the software and scan your PC for root kits, trojans et al.

To check the certificate right click the application and select its properties. Select the Digital Signatures Tab and you should be able to view the certificate chain using the Details button.

12 REPLIES
Community Veteran
Posts: 17,782
Thanks: 1,611
Fixes: 19
Registered: 06-11-2007

Re: Please read if you have you or are you downloading Windows Software.

Totally confused.... !... ( easily done ! ! ).. so what is the threat? and what is the "app" that you need to check it on?

 

If it is forged (and I'm not saying it isn't), is it wise to post it on a public open forum, for any other miscreants to use?

I realise that you are trying to help and safeguard other legit users, but am confused as to what it refers.

 

St3
Aspiring Champion
Posts: 2,608
Thanks: 498
Fixes: 5
Registered: 13-07-2012

Re: Please read if you have you or are you downloading Windows Software.

I'm confused too

Minivanman
Seasoned Hero
Posts: 6,016
Thanks: 1,595
Fixes: 1
Registered: 04-11-2014

Re: Please read if you have you or are you downloading Windows Software.

I'm confused as to why it's on General Chat Roll eyes

I know where I am, I've been lost here before.
Moderator
Moderator
Posts: 18,439
Thanks: 2,825
Fixes: 226
Registered: 06-04-2007

Re: Please read if you have you or are you downloading Windows Software.

Moderator's note:

I've moved this thread to Tech Help.

 

Forum Moderator and Customer
Courage is resistance to fear, mastery of fear, not absence of fear - Mark Twain
He who feared he would not succeed sat still

VileReynard
Seasoned Pro
Posts: 10,997
Thanks: 265
Fixes: 11
Registered: 01-09-2007

Re: Please read if you have you or are you downloading Windows Software.

You mean Windows trusts all sites with a valid certificate for software installs?

Anyone can purchase a valid certificate for a web site.

Community Veteran
Posts: 17,782
Thanks: 1,611
Fixes: 19
Registered: 06-11-2007

Re: Please read if you have you or are you downloading Windows Software.

Linux troll at it again.. Roll eyes

Community Gaffer
Community Gaffer
Posts: 3,315
Thanks: 2,046
Fixes: 74
Registered: 22-02-2016

Re: Please read if you have you or are you downloading Windows Software.

Google was quick to index the OP.

[Image: Screen Shot 2017-04-28 at 15.03.35.png]

But in all seriousness, the top link on that search also confirms this revelation.

@Mook, I have so much software installed on my home computer it would be impossible to check absolutely everything. Are there any particular methods for checking everything for this root cert? Will this make it so malicious software could take the cert and trick computers into thinking it's from a trusted source?

Sorry for the questions, I have never seen this before.

Frontend Web Developer | www.plus.net

If you have an idea to improve the community, create a new topic on our Community Feedback board to start a discussion about your idea.

Moderator
Moderator
Posts: 18,439
Thanks: 2,825
Fixes: 226
Registered: 06-04-2007

Re: Please read if you have you or are you downloading Windows Software.

Moderator's note:

A post was removed at the poster's request.


Community Veteran
Posts: 5,471
Thanks: 1,451
Fixes: 34
Registered: 16-10-2014

Re: Please read if you have you or are you downloading Windows Software.

Sorry for the delay in responding as I didn’t subscribe to the thread and it was @jaread83's mention that brought me here. Also I posted this in General so it would get the most readers due to the nature of it.

Because this certificate can be used for any purpose, a developer could generate their own code signing certificate from it. After signing their application it would appear to be legitimate, as it would have a valid certificate chain.

I'd say when you see a digitally signed application (regardless of what it does) you have a tendency to trust it implicitly. But applications signed with this root certificate should not be trusted.

You may want to use the RCC utility cited in the HXA Google result; you can download that from here, remembering to check the hash of course.

My post may well be presumptive but this is a given opportunity to the malicious code writer that I think would be hard to ignore, and I have posted here due to the fact that some users download ‘useful’ utilities from the internet.

I was simply trying to be helpful!
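An added example, not part of any post in this thread: one way to run the check from the opening post across the certificate stores and a whole folder of signed files, instead of opening each file's Digital Signatures tab by hand. The function names `Find-CertInStores` and `Find-FilesSignedUnder` are hypothetical; the thumbprint is the one quoted in the opening post.

```powershell
# Thumbprint quoted in the opening post of this thread.
$BadThumbprint = '33FCD70343BBE07972D73CDEFDEB3C9F4DCEFE28'

function Find-CertInStores {
    param([string]$Thumbprint)
    # Walk every store under CurrentUser and LocalMachine (Root, CA, TrustedPublisher, ...).
    Get-ChildItem -Path Cert:\ -Recurse -ErrorAction SilentlyContinue |
        Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
            $_.Thumbprint -eq $Thumbprint
        } |
        Select-Object PSParentPath, Subject, NotBefore, NotAfter
}

function Find-FilesSignedUnder {
    param([string]$Thumbprint, [string[]]$Path)
    Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll, *.msi, *.sys -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
            if ($null -eq $sig.SignerCertificate) { return }   # unsigned file, nothing to chain
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
            # Only the chain elements matter here, so skip revocation lookups.
            $chain.ChainPolicy.RevocationMode =
                [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
            # Build() may return $false for an untrusted chain; the elements are still populated.
            [void]$chain.Build($sig.SignerCertificate)
            $hit = $chain.ChainElements |
                Where-Object { $_.Certificate.Thumbprint -eq $Thumbprint }
            if ($hit) {
                [pscustomobject]@{
                    File   = $file.FullName
                    Signer = $sig.SignerCertificate.Subject
                    Status = $sig.Status
                }
            }
        }
}

# 1) Is the certificate present in any store on this machine?
Find-CertInStores -Thumbprint $BadThumbprint
# 2) Which signed files under the program folders chain up to it?
Find-FilesSignedUnder -Thumbprint $BadThumbprint -Path $env:ProgramFiles, ${env:ProgramFiles(x86)}
```

The chain is built from the certificates available on the local machine, so the second function reports files whose signer chains to that root as this PC sees it; an empty result from both calls means no match was found in the stores or the scanned folders.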

 

Community Veteran
Posts: 4,875
Thanks: 126
Fixes: 24
Registered: 14-07-2009

Re: Please read if you have you or are you downloading Windows Software.

I downloaded the Root Certificate scanner rcc.exe but Windows tells me it does not have a valid digital signature.

Community Gaffer
Community Gaffer
Posts: 3,315
Thanks: 2,046
Fixes: 74
Registered: 22-02-2016

Re: Please read if you have you or are you downloading Windows Software.

I will give this a go later on when I get home. I don't think I have any dodgy software installed but you can never be too careful these days. Thanks for sharing Mook!


Community Veteran
Posts: 5,471
Thanks: 1,451
Fixes: 34
Registered: 16-10-2014

Re: Please read if you have you or are you downloading Windows Software.

@ReedRichards - Fair enough but from the download link:

Note: Opinions and software posted here are solely my own and do not represent my current employer or any other organization.

Of course it is up to you to trust this, and considering the context of the post that may be easier said than done. But it is both a trusted individual and source so the choice is yours. But at least it's not signed with a dodgy certificate!