{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,6]],"date-time":"2026-04-06T10:12:12Z","timestamp":1775470332670,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":40,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,10,30]],"date-time":"2017-10-30T00:00:00Z","timestamp":1509321600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1564143"],"award-info":[{"award-number":["CNS-1564143"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"name":"the Department of Defense"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,10,30]]},"DOI":"10.1145\/3133956.3133958","type":"proceedings-article","created":{"date-parts":[[2017,10,27]],"date-time":"2017-10-27T12:48:18Z","timestamp":1509108498000},"page":"1435-1448","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":41,"title":["Certified Malware"],"prefix":"10.1145","author":[{"given":"Doowon","family":"Kim","sequence":"first","affiliation":[{"name":"University of Maryland, College Park, MD, USA"}]},{"given":"Bum Jun","family":"Kwon","sequence":"additional","affiliation":[{"name":"University of Maryland, College Park, MD, USA"}]},{"given":"Tudor","family":"Dumitra\u015f","sequence":"additional","affiliation":[{"name":"University of Maryland, College Park, MD, USA"}]}],"member":"320","published-online":{"date-parts":[[2017,10,30]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"2017. Convergence. https:\/\/github.com\/moxie0\/Convergence. (2017)."},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"crossref","unstructured":"Omar Alrawi and Aziz Mohaisen. 2016. Chains of Distrust: Towards Understanding Certificates Used for Signing Malicious Applications. In Proceedings of the 25th International Conference Companion on World Wide Web (WWW '16 Companion). International World Wide Web Conferences Steering Committee Republic and Canton of Geneva Switzerland 451--456. https:\/\/doi.org\/10.1145\/ 2872518.2888610","DOI":"10.1145\/2872518.2888610"},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978301"},{"key":"e_1_3_2_2_4_1","volume-title":"EuroSys BADGERS Workshop","author":"Tudor Dumitra","year":"2011","unstructured":"Tudor Dumitra s , and Darren Shou. 2011. Toward a Standard Benchmark for Computer Security Research: The Worldwide Intelligence Network Environment (WINE). In EuroSys BADGERS Workshop. Salzburg, Austria."},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813703"},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663755"},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504755"},{"key":"e_1_3_2_2_8_1","volume-title":"Proceedings of the 22Nd USENIX Conference on Security (SEC'13)","author":"Durumeric Zakir","unstructured":"Zakir Durumeric, Eric Wustrow, and J. Alex Halderman. 2013. ZMap: Fast Internet-wide Scanning and Its Security Applications. In Proceedings of the 22Nd USENIX Conference on Security (SEC'13). USENIX Association, Berkeley, CA, USA, 605--620. http:\/\/dl.acm.org\/citation.cfm?id=2534766.2534818"},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660311"},{"key":"e_1_3_2_2_10_1","unstructured":"Nicholas Falliere Liam O'Murchu and Eric Chien. 2011. W32.Stuxnet Dossier. Symantec Whitepaper. (February 2011). http:\/\/www.symantec.com\/content\/en\/ us\/enterprise\/media\/security_response\/whitepapers\/w32_stuxnet_dossier.pdf"},{"key":"e_1_3_2_2_11_1","volume-title":"Stuxnet spawn infected Kaspersky using stolen Fox- conn digital certificates. (Jun","author":"DAN GOODIN.","year":"2015","unstructured":"DAN GOODIN. 2015. Stuxnet spawn infected Kaspersky using stolen Fox- conn digital certificates. (Jun 2015). https:\/\/arstechnica.com\/security\/2015\/06\/stuxnet-spawn-infected-kaspersky-using-stolen-foxconn-digital-certificates\/"},{"key":"e_1_3_2_2_12_1","volume-title":"Announcing the first SHA1 collision. (February","year":"2017","unstructured":"Google. 2017. Announcing the first SHA1 collision. (February 2017). https: \/\/security.googleblog.com\/2017\/02\/announcing-first-sha1-collision.html"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"crossref","unstructured":"P. Hoffman and J. Schlyter. 2012. The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA. RFC 6698. RFC Editor. http:\/\/www.rfc-editor.org\/rfc\/rfc6698.txt http:\/\/www.rfc-editor.org\/rfc\/rfc6698.txt.","DOI":"10.17487\/rfc6698"},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2068816.2068856"},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.13"},{"issue":"5","key":"e_1_3_2_2_16_1","first-page":"2315","article-title":"PKCS #7","volume":"1","author":"Kaliski Burt","year":"1998","unstructured":"Burt Kaliski. 1998. PKCS #7: Cryptographic Message Syntax Version 1.5. RFC 2315. RFC Editor. http:\/\/www.rfc-editor.org\/rfc\/rfc2315.txt http:\/\/www.rfc-editor.org\/ rfc\/rfc2315.txt.","journal-title":"Cryptographic Message Syntax Version"},{"key":"e_1_3_2_2_17_1","volume-title":"Kleinbaum and Mitchell Klein","author":"G.","year":"2011","unstructured":"David. G. Kleinbaum and Mitchell Klein. 2011. Survival Analysis: A Self-Learning Text (3 ed.). Springer."},{"key":"e_1_3_2_2_18_1","volume-title":"Proceedings of the USENIX Security Symposium.","author":"Kotzias Platon","year":"2016","unstructured":"Platon Kotzias, Leyla Bilge, and Juan Caballero. 2016. Measuring PUP prevalence and PUP distribution through Pay-Per-Install services. In Proceedings of the USENIX Security Symposium."},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813665"},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23162"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23220"},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"crossref","unstructured":"B. Laurie A. Langley and E. Kasper. 2013. Certificate Transparency. RFC 6962. RFC Editor.","DOI":"10.17487\/rfc6962"},{"key":"e_1_3_2_2_23_1","volume-title":"Everything you need to know about Authenticode Code Signing. (Mar","author":"Lawrence Eric","year":"2011","unstructured":"Eric Lawrence. 2011. Everything you need to know about Authenticode Code Signing. (Mar 2011). https:\/\/blogs.msdn.microsoft.com\/ieinternals\/2011\/03\/22\/everything-you-need-to-know-about-authenticode-code-signing\/"},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815675.2815685"},{"key":"e_1_3_2_2_25_1","unstructured":"Microsoft. 2001. Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard. (2001). https:\/\/technet.microsoft.com\/en-us\/library\/security\/ms01-017. aspx"},{"key":"e_1_3_2_2_26_1","volume-title":"Windows Authenticode Portable Executable Signature Format. (Mar","year":"2008","unstructured":"Microsoft. 2008. Windows Authenticode Portable Executable Signature Format. (Mar 2008). http:\/\/download.microsoft.com\/download\/9\/c\/5\/ 9c5b2167-8017-4bae-9fde-d599bac8184a\/Authenticode_PE.docx"},{"key":"e_1_3_2_2_27_1","volume-title":"Virus: Win32\/Induc.A. (April","year":"2011","unstructured":"Microsoft. 2011. Virus: Win32\/Induc.A. (April 2011). https: \/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/entry.aspx?name= Virus%3AWin32%2FInduc.A"},{"key":"e_1_3_2_2_28_1","volume-title":"Spatio-temporal Mining of Software Adoption & Penetration. In IEEE\/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM)","author":"Papalexakis Evangelos E.","unstructured":"Evangelos E. Papalexakis, Tudor Dumitras, Duen Horng (Polo) Chau, B. Aditya Prakash, and Christos Faloutsos. 2103. Spatio-temporal Mining of Software Adoption & Penetration. In IEEE\/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM). Niagara Falls, CA."},{"key":"e_1_3_2_2_29_1","volume-title":"ROSCO: Repository Of Signed Code. In Virus Bulletin Conference, Prague, Czech Republic.","author":"Papp Dorottya","year":"2015","unstructured":"Dorottya Papp, Bal\u00e1zs K\u00f3cs\u00f3, Tam\u00e1s Holczer, Levente Butty\u00e1n, and Boldizs\u00e1r Bencs\u00e1th. 2015. ROSCO: Repository Of Signed Code. In Virus Bulletin Conference, Prague, Czech Republic."},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.32"},{"key":"e_1_3_2_2_31_1","volume-title":"The Duqu 2.0 persistence module. (Jun","author":"Global Research Kaspersky Lab's","year":"2015","unstructured":"Kaspersky Lab's Global Research and Analysis Team. 2015. The Duqu 2.0 persistence module. (Jun 2015). https:\/\/securelist.com\/blog\/research\/70641\/ the-duqu-2-0-persistence-module\/"},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45719-2_11"},{"key":"e_1_3_2_2_33_1","volume-title":"Flame malware collision attack explained. (Jun","year":"2012","unstructured":"Swiat. 2012. Flame malware collision attack explained. (Jun 2012). https:\/\/blogs.technet.microsoft.com\/srd\/2012\/06\/06\/ flame-malware-collision-attack-explained\/"},{"key":"e_1_3_2_2_34_1","volume-title":"Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software. In 25th USENIX Security Symposium, USENIX Security 16","author":"Thomas Kurt","year":"2016","unstructured":"Kurt Thomas, Juan A. Elices Crespo, Ryan Rasti, Jean Michel Picod, Cait Phillips, Marc-Andr\u00e9 Decoste, Chris Sharp, Fabio Tirelo, Ali Tofigh, Marc-Antoine Courteau, Lucas Ballard, Robert Shield, Nav Jagpal, Moheeb Abu Rajab, Panayiotis Mavrommatis, Niels Provos, Elie Bursztein, and Damon McCoy. 2016. Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software. In 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10-12, 2016. 721--739. https:\/\/www.usenix.org\/conference\/usenixsecurity16\/ technical-sessions\/presentation\/thomas"},{"key":"e_1_3_2_2_35_1","unstructured":"VirusTotal. 2017. www.virustotal.com. (2017)."},{"key":"e_1_3_2_2_36_1","volume-title":"Perspectives: Improving SSH-style Host Authentication with Multi-path Probing. In USENIX 2008 Annual Technical Conference (ATC'08)","author":"Wendlandt Dan","year":"2008","unstructured":"Dan Wendlandt, David G. Andersen, and Adrian Perrig. 2008. Perspectives: Improving SSH-style Host Authentication with Multi-path Probing. In USENIX 2008 Annual Technical Conference (ATC'08). USENIX Association, Berkeley, CA, USA, 321--334. http:\/\/dl.acm.org\/citation.cfm?id=1404014.1404041"},{"key":"e_1_3_2_2_37_1","volume-title":"Virus Bulletin Conference","author":"Wood Mike","year":"2010","unstructured":"Mike Wood. 2010. Want My Autograph? The Use and Abuse of Digital Signatures by Malware. Virus Bulletin Conference September 2010 September (2010), 1--8. http:\/\/www.sophos.com\/medialibrary\/PDFs\/technicalpapers\/digital"},{"key":"e_1_3_2_2_38_1","unstructured":"Liang Xia Dacheng Zhang Daniel Gillmor and Behcet Sarikaya. 2017. CT for Binary Codes. Internet-Draft draft-zhang-trans-ct-binary-codes-04. IETF Secretariat. http:\/\/www.ietf.org\/internet-drafts\/draft-zhang-trans-ct-binary-codes-04. txt http:\/\/www.ietf.org\/internet-drafts\/draft-zhang-trans-ct-binary-codes-04. txt."},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/1644893.1644896"},{"key":"e_1_3_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663758"}],"event":{"name":"CCS '17: 2017 ACM SIGSAC Conference on Computer and Communications Security","location":"Dallas Texas USA","acronym":"CCS '17","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3133958","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3133956.3133958","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3133956.3133958","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:13:26Z","timestamp":1750212806000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3133958"}},"subtitle":["Measuring Breaches of Trust in the Windows Code-Signing PKI"],"short-title":[],"issued":{"date-parts":[[2017,10,30]]},"references-count":40,"alternative-id":["10.1145\/3133956.3133958","10.1145\/3133956"],"URL":"https:\/\/doi.org\/10.1145\/3133956.3133958","relation":{},"subject":[],"published":{"date-parts":[[2017,10,30]]},"assertion":[{"value":"2017-10-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}