We have heard quite a bit recently about the dangers of using MD5, a now-broken cryptographic hash routine, for determining the validity of SSL certificates. Today we see that a researcher has taken a major step in generating malicious software whose signature matches that of an Authenticode-signed binary. Researcher Didier Stevens has shown that the technique described by Peter Selinger for generating pairs of executables with the same MD5 hash can be used to generate pairs of executables which are also signed using Microsoft's Authenticode program. This technique would allow a malicious individual to create a driver that has been validated as correct and signed by Microsoft but is actually malicious.
Much like the SSL issue, the scope of the problem is limited, as the default mechanism for Authenticode signing is actually SHA-1 and not MD5. Nevertheless, the developments in hash collision generation are particularly disturbing when it comes to executables. I am concerned that at some point, an individual will be able to generate hash collisions between malware and popular legitimate software, allowing them to evade signature-based anti-virus systems and have the software validate against binary whitelisting services.
That would officially be a "bad day."
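Because the exposure depends on whether a given signature uses MD5 or SHA-1, a defender can audit which digest algorithm a signed binary declares. The following is an added example, not code from the original post or from the researchers it cites: it walks the PKCS#7 SignedData blob of an Authenticode signature and reports the `digestAlgorithms` it lists. It assumes the blob has already been extracted from the PE certificate table and is definite-length DER; the function names and the sample blobs are constructed for illustration.

```python
# Added example: the sample blobs are constructed, not taken from real binaries.
OIDS = {"1.2.840.113549.2.5": "md5", "1.3.14.3.2.26": "sha1",
        "2.16.840.1.101.3.4.2.1": "sha256"}
SIGNED_DATA = "1.2.840.113549.1.7.2"

def tlv(buf, pos):
    """Read one definite-length DER element; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length (BER) not supported")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def oid(value):
    """Decode the content bytes of a DER OBJECT IDENTIFIER to dotted form."""
    arcs, acc = [], 0
    for b in value:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)  # first two arcs are packed as 40*X + Y
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def digest_algorithms(pkcs7):
    """Return the digest algorithm names listed in a PKCS#7 SignedData blob."""
    _, content_info, _ = tlv(pkcs7, 0)        # ContentInfo SEQUENCE
    _, ctype, pos = tlv(content_info, 0)      # contentType OID
    if oid(ctype) != SIGNED_DATA:
        raise ValueError("not PKCS#7 SignedData")
    _, wrapped, _ = tlv(content_info, pos)    # [0] EXPLICIT wrapper
    _, signed_data, _ = tlv(wrapped, 0)       # SignedData SEQUENCE
    _, _, pos = tlv(signed_data, 0)           # version INTEGER (skipped)
    _, alg_set, _ = tlv(signed_data, pos)     # digestAlgorithms SET
    names, pos = [], 0
    while pos < len(alg_set):
        _, alg_id, pos = tlv(alg_set, pos)    # AlgorithmIdentifier SEQUENCE
        dotted = oid(tlv(alg_id, 0)[1])
        names.append(OIDS.get(dotted, dotted))
    return names

def der(tag, body):  # short-form encoder, only used to build the small samples
    return bytes([tag, len(body)]) + body

def sample(alg_hex):  # constructed SignedData prefix carrying one digest OID
    alg = der(0x30, der(0x06, bytes.fromhex(alg_hex)) + der(0x05, b""))
    signed = der(0x30, der(0x02, b"\x01") + der(0x31, alg))
    return der(0x30, der(0x06, bytes.fromhex("2a864886f70d010702")) + der(0xA0, signed))

SAMPLE_MD5, SAMPLE_SHA1 = sample("2a864886f70d0205"), sample("2b0e03021a")
```

A signature whose result includes `md5` is the case the collision technique applies to; the SHA-1 default is not affected by it.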