getting software published or security certified

How do you go about getting software published or security certified so when a person downloads it, it says published by: so and so blah blah whatever. I read about "hackers" that are getting their "software" security certified to circumvent much of the legal woes that would normally be defined as illegal activity by getting their software certified or published. All these major companies engage in some pretty unethical business practices but they can get away with it because of an established brand and a clearly established legal business pattern (although that doesn't stop the lawsuits to these behemoths).

This wouldn't apply to identity theft or other blatantly illegal activities (although you legally could milk money out of unwitting "victims?" by fine print fees...assuming a transaction was made to you using their debit or credit card).
But how would you go about getting software certified or published/recognized where it says who it is published by when they go to run it the first time?

I'm not asking because I want to venture into unethical practices but rather in general because it was something I figured would add further confidence to people downloading my exe's for already legal purposes.
It is called digital signing. You need a trusted authority, such as Verisign or Thawte (or something like that) to extend you or your business a digital certificate that authenticates you as you (or your business as your business). Usually the certificate is not cheap and the trusted authority will usually be very strict with the requirements to get one of these. For example: If you say you want a certificate that proves you're SuperCoolSoftware Inc., you MUST provide an email address from the supercoolsoftware.com domain. Otherwise you're just not getting it.
The verification goes round and round. Who then vets those authorities that issue digital certificates? E.g. who goes and verifies Verisign or Thawte are authentic? And for those who verify them, who then in turn verifies them? It is an infinite loop :P
It is indeed. Microsoft does add and remove CAs (certification authorities) from Windows via Windows Update on a regular basis, but in the end you'll have to blindly trust someone.
It's not really an "infinite" loop, it just resolves to a number of internationally acknowledged authorities.

PS: You may want to look into cacert - I don't know if this applies to businesses, but they do hand out free certificates (still require a validation though)
http://www.cacert.org/
PPS: The only problem with cacert is that their root certificate isn't included in any browsers yet - conspiracy? I don't know, but they are actually trustworthy.
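
Added example, not part of the thread: a PowerShell script that reads the digital signature on an executable and walks the signer's certificate chain up to the root CA in the Windows trust store, which is where the "who verifies the verifier" question ends. The default path is an assumed sample; point it at the file you want to check.

```powershell
# Added example: inspect the Authenticode signature on an executable and
# walk its certificate chain up to the root CA that Windows trusts.
param(
    # Assumed sample path; substitute the installer or exe you downloaded.
    [string]$Path = "$env:WINDIR\System32\notepad.exe"
)

$sig = Get-AuthenticodeSignature -FilePath $Path

# 'Valid' means the file is unmodified since signing and the signer's
# chain is trusted on this machine.
"Status    : $($sig.Status)"
"Detail    : $($sig.StatusMessage)"

if ($null -eq $sig.SignerCertificate) {
    "File is not signed."
    return
}

"Publisher : $($sig.SignerCertificate.Subject)"
"Expires   : $($sig.SignerCertificate.NotAfter)"

# Build the chain: signer -> intermediate CA(s) -> root.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$built = $chain.Build($sig.SignerCertificate)
"Chain OK  : $built"

$depth = 0
foreach ($element in $chain.ChainElements) {
    $cert = $element.Certificate
    # A root certificate is self-signed: subject and issuer are the same name.
    $role = if ($cert.Subject -eq $cert.Issuer) { 'root' } else { 'issued by ' + $cert.Issuer }
    "{0}[{1}] {2} ({3})" -f ('  ' * $depth), $depth, $cert.Subject, $role
    $depth++
}

# Any reason the chain failed (expired, revoked, untrusted root) shows up here.
foreach ($status in $chain.ChainStatus) {
    "Problem   : $($status.Status) - $($status.StatusInformation.Trim())"
}
```

A certificate from a CA whose root is not in the local store produces an untrusted-root entry under "Problem", which is what a user sees for a signer whose CA Windows does not ship.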
internationally acknowledged authorities


What used to be an internationally acknowledged authority can easily, decades down the road, disappear, can't it? In the Accounting arena, there used to be a Big Five, correct? Then one big scandal and Arthur Andersen goes 'missing in action'.

That is my take on what is internationally acknowledged authorities :P
Well, I never said permanently internationally accepted authorities. Certificates need to be renewed periodically anyways.