An interesting observation from a colleague, check out the digital certificate information of ‘Wolyx’ the Windows backdoor packaged with ‘Olyx’ below:
Issued By: WoSign Code Signing Authority
Issued To: CN, Yunnan, Kunming, Kunming Wuhua District YanXing Technology Sales Department, WoSign Class 3 Code Signing, Kunming Wuhua District YanXing Technology Sales Department
Effective On: 11/03/2009 00:00
Expired On: 11/02/2012 23:59
The place where the revoked digital certificate was issued to was Kunming, Yunnan China.
In the news, you’ll notice that this is the same city of the fake Apple stores.
China officials find 5 fake Apple stores in 1 city
A Chinese city government website says local trade officials have found five fake Apple stores in a southwestern city.
The Kunming government website says authorities in the city in Yunnan province took action against two of the stores, which were found to be operating without a business license.
Officials close 2 of 5 fake Apple stores
KUNMING – Officials looking into the illegal sale of Apple gadgets say they are waiting for the electronics company to respond before they decide whether to close three more possibly unlicensed stores. [Read http://www.chinadaily.com.cn/usa/us/2011-07/26/content_12980613.htm]