Researchers at F-Secure recently found malware that's digitally signed with a stolen code-signing certificate.

"The malware uses a certificate for, which is the Agricultural Research and Development Institute of Malaysia," writes CNET News' Elinor Mills. "That agency told F-Secure that the certificate had been stolen 'quite some time ago.' It expired at the end of September so is no longer effective for authentication."

"The Trojan program, which F-Secure detected as Agent.DTIW, spreads via malicious PDF files that exploit a vulnerability in Adobe Reader 8, according to the F-Secure blog," Mills writes.

Go to "F-Secure finds rare digitally signed malware" to read the details.

For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.