Opera Falls Flat as Security Certificate Stolen
|Opera's clean and easy-to-navigate interface|
Were you using a browser called Opera between 9 p.m. and 9:36 p.m. Eastern Daylight Time on Tuesday, June 18? If so, you may have unknowingly downloaded malware to your computer.
The Norwegian-based makers of an Internet browser called Opera reported today (June 27) that they discovered a security breach in their system on June 18.
Opera said that no user data was compromised during the attack and the breach has been repaired, but said criminals were able to steal at least one Opera code signing certificate that could be used—and in at least one instance was used— to disguise malware as official Opera software.
A code signing certificate, or digital certificate, is a means of verifying that software is what it says it is (akin to a signature or an official seal). For example, anyone can create a piece of software, name the file Opera.exe, and design the pop-up menu to look like an Opera update.
The only way to be sure that the software you're getting is from who it says it's from is by checking the digital certificate. [See also: How Android Phone Makers, Carriers Leave You Unprotected]
It seems that the cybercriminals didn't just acquire one of Opera's digital certificates. The company found evidence that the cybercriminals added this digital certificate to a Trojan-type malware. This phantom of the Opera was then circulated, disguised as an official browser update, during that 36-minute window on June 18.
Even Opera users who weren't logged on during that time should still be careful — it appears to be entirely possible that other malware using the stolen certificate might remain undetected.
Opera’s not popular, but it is innovative and influential—it was the first browser to implement multiple tabs for the same window, for example. That’s why top-level nerds pay attention to it. The browser has about 300 million users, according to a report on its developers' website in February 2013. For many users, this browser provides a valued alternative to the "big four" browsers: Internet Explorer, Firefox, Google Chrome and Safari.
If you believe your system is at risk, you can go to Opera's website (www.opera.com) and download the latest assured version. Opera will also be unrolling a security update soon that will introduce a new code signing certificate.
Finally, make sure your anti-virus protection is up to date, as the majority of anti-virus providers are able to close the curtain on that malware despite the Opera certificate.