Brought to the forefront in 2010 with Stuxnet, the infamous worm aimed at sabotaging industrial infrastructure, the use of stolen digital certificates is relatively new. Stuxnet's creators digitally signed its rootkit components with stolen certificates from JMicron and RealTek, a pair of semiconductor manufacturers. The worm's existence and complexity caught the security community by surprise. In fact, many researchers predicted that malware creators would begin adopting the same technique to work around driver signature enforcement employed by Microsoft in its 64-bit versions of Windows V...