Symantec is phasing in a new trust mark to ensure Web users that the sites they are visiting are safe. Symantec has been replacing "VeriSign Trusted" with "Norton Secured, powered by VeriSign."

When Kaspersky Lab last week spotted code-signed Trojan malware dubbed Mediyes that had been signed with a digital certificate owned by Swiss firm Conpavi AG and issued by Symantec, it touched off a hunt to determine the source of the problem.

Security firm Kaspersky Lab Thursday said it's identified a malicious program that appears to make use of a compromised Symantec VeriSign digital certificate issued to Conpavi AG, which is known to work with Swiss government agencies. Kaspersky says it has asked Symantec VeriSign to revoke the compromised certificates.

Security companies have recently identified multiple malware threats that use stolen digital certificates to sign their components in an attempt to avoid detection and bypass Windows defenses.

Qualys, the Redwood Shores, Calif.-based security firm specializing in vulnerability assessment and management, is poised for an initial public offering (IPO) later this year.

A VeriSign filing with the Securities and Exchange Commission reveals that the company suffered more than one data breach in 2010, raising questions about how secure the company's products are and what customers should do about it.

VeriSign, the company responsible for guiding most of the world's Internet users to the correct websites and once the largest encryption certificate issuing authority, has acknowledged that it was successfully hacked several times in 2010.

Will 2012 be the year when US retailers, banks and content providers finally bolster their DNS systems with an add-on security measure that prevents Web site spoofing? That's what advocates of the security measure - dubbed DNSSEC for DNS Security Extensions - are hoping will occur.