A forum for reverse engineering, OS internals and malware analysis 

 #9721  by EP_X0FF
 Thu Nov 17, 2011 4:13 am
Not really useful. They have DB entries related to viruses which are modified signed binaries, making their certificate invalid, and entries with outdated or invalid certificates (for example, ripped from another program and joined with malware). How much such junk is in the DB is unknown.

Example.
ZXCA Lab. Geotrust 10 a7 db 11/27/2008 to 12/11/2009 08/11/2011
http://www.virustotal.com/file-scan/rep ... 1313000834
 #9728  by frank_boldewin
 Thu Nov 17, 2011 1:27 pm
EP_X0FF wrote: Not really useful. They have DB entries related to viruses which are modified signed binaries, making their certificate invalid, and entries with outdated or invalid certificates (for example, ripped from another program and joined with malware). How much such junk is in the DB is unknown.

Example.
ZXCA Lab. Geotrust 10 a7 db 11/27/2008 to 12/11/2009 08/11/2011
http://www.virustotal.com/file-scan/rep ... 1313000834
Thanks for the hint. Haven't checked that in detail. And you are right, it's nearly useless if certs listed in the DB are not valid, like with Stuxnet or Duqu.