The thing about this...

if you look hard enough, you will find Malware already signed by some these signing capable certificates. And the software installs just like it is from Microsoft. Sort of like the "code" the rebels stole to get onto the Moon of Endor to destroy the shield generator. "Its an old code, but it checks out"

Which means, until it expires, and yes they have a short window of usage... but think about how quickly these things spread.

A few days or a week is all it would take to get a good foothold and then, continue with a new cert and on and on and on.