I think it only affects install time. Currently-installed copies will continue to run.
Based on what was said in the Atsiv incident, I think there is an internal CRL in Windows to which Microsoft could add the program, and that would be checked at load time. They don't do this casually as it requires a Windows Update distribution. Microsoft could also add a Windows Defender signature for it, as they did with Atsiv. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.eweek.com/cheap_hack/ Contributing Editor, PC Magazine [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, September 14, 2007 11:50 AM To: Alex Eckelberry Cc: [email protected] Subject: Re: [funsec] Sunbelt: Gromozon Malware Digitally Signed by Thawte On Wed, 12 Sep 2007 20:01:22 EDT, Alex Eckelberry said: > Fyi, Verisign just notified me that the cert has been revoked. And does anything that looks at that certificate actually *USE* the CRL to verify it's un-revokedness before continuing? :) _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
