Organizations Warn of Fraudulent SSL Certificates

Fraudulent SSL Certificate Warning

US-CERT, Microsoft, Mozilla and other organizations have issued warnings regarding fraudulent (fake) SSL certificates being issued.

According to the Comodo Group, Inc., the certificate authority responsible for issuing the fraudulent certificates, a Comodo affiliate RA was compromised on March 15th, 2011, resulting in the fraudulent issue of 9 SSL certificates to sites in seven domains.

According to Microsoft, the certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users, including users of Internet Explorer. Comodo emphasizes that each of the certificates was revoked immediately on discovery and that its monitoring has not detected any attempted use of the certificates after their revocation.

The fraudulent certificates affect the following Web properties:

• login.live.com

• mail.google.com

• www.google.com

• login.yahoo.com (3 certificates)

• login.skype.com

• addons.mozilla.org

• “Global Trustee”

According to Mozilla, users on a compromised network could be directed to sites using the fraudulent certificates and mistake them for the legitimate sites. This could deceive them into revealing personal information such as usernames and passwords. It may also deceive users into downloading malware if they believe it’s coming from a trusted site. Mozilla has updated Firefox 4.0, 3.6, and 3.5 to recognize the certificates and block them automatically.

Comodo’s incident report shows that the attack came from several IP addresses, mainly from Iran. According to the report, “The attacker was well prepared and knew in advance what he was to try to achieve. He seemed to have a list of targets that he knew he wanted to obtain certificates for, was able quickly to generate the CSRs for these certificates and submit the orders to our system so that the certificates would be produced and made available to him.”

Additional Resources:

Microsoft

Mozilla

US-CERT

Comodo
