
Free Certificates of Let’s Encrypt Being Used in Malvertising Campaign

An organization's distribution of free digital certificates is benefiting cybercriminals, and this is generating disagreement over how to tackle the abuse.

Trend Micro wrote on 5th January, 2016, that on 21st December it had exposed a cyberattack designed to install banking malware on computers.

CIO posted on 6th January, 2016, that cybercriminals had compromised a genuine website and created a subdomain leading to a server under their control. The subdomain showed a malicious advertisement, which redirected users to sites hosting the Angler exploit kit, which looks for software vulnerabilities in order to install malware.

The subdomain used an SSL/TLS certificate, encrypting traffic between a server and the computer of a user.

The use of encryption protects the malware from security scanners of the network during transit and the certificate helps to legitimize the malicious site.

Before installing a Let's Encrypt certificate, the attackers compromised an unnamed web server, created their own subdomain for the server's website, and acquired a free HTTPS certificate for that subdomain. The certificate was issued by Let's Encrypt, a project that is run by the ISRG.

Let's Encrypt entered public beta on 3rd December, and according to Trend Micro researchers, the first malvertising campaign to use a Let's Encrypt certificate to hide its operations did so on 21st December.

The campaign continued until 31st December and mainly affected users located in Japan. Users who received the malicious ads through this campaign were taken to a page containing the Angler exploit kit, which infected them with the Vawtrak banking Trojan.

The project is destined to see more abuse as webmasters realize its actual capabilities; Let's Encrypt was installed on 1871 of the 1 million most famous websites.

As a policy, Let's Encrypt had decided not to revoke certificates. The organization explained in October that Certification Authorities (CAs) are not equipped to police content.

It is very difficult for any CA to stop attackers from obtaining new certificates for different domains, and moreover CAs cannot identify and respond to abuse fast enough.

As an alternative approach, online ad brokers can implement internal controls to stop malicious ads.
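The campaign described above relied on a subdomain the site owner never created, carrying its own certificate and pointing at the attackers' server. The following is an added example, not code from the article or from Trend Micro: a site owner's check for that pattern. It assumes a feed of certificates issued for the domain (for instance from Certificate Transparency monitoring) and a hostname inventory; all names, addresses and records are constructed.

```python
import ipaddress

# Constructed sample data (not from the article): example.test is the site owner.
KNOWN_HOSTS = {"example.test", "www.example.test", "shop.example.test"}
OWN_NETWORKS = ["192.0.2.0/24"]
ISSUED = [  # certificates seen for the domain (assumed feed, e.g. CT monitoring)
    {"issuer": "Existing CA", "names": ["www.example.test", "example.test"]},
    {"issuer": "Let's Encrypt", "names": ["ad.example.test"]},
    {"issuer": "Let's Encrypt", "names": ["shop.example.test"]},
    {"issuer": "Some CA", "names": ["cdn.other.test", "notexample.test"]},
]
RESOLVED = {  # current A record for each name (constructed)
    "example.test": "192.0.2.10", "www.example.test": "192.0.2.10",
    "shop.example.test": "192.0.2.20", "ad.example.test": "203.0.113.77",
}

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def in_zone(name, apex):
    """True for the apex or a real subdomain (not a look-alike suffix)."""
    return name == apex or name.endswith("." + apex)

def audit(issued, resolved, apex, known_hosts, own_networks):
    """Return {hostname: [reasons]} for names under apex the owner did not create."""
    nets = [ipaddress.ip_network(n) for n in own_networks]
    known = {normalize(h) for h in known_hosts}
    findings = {}
    for cert in issued:
        for name in map(normalize, cert["names"]):
            if not in_zone(name, apex):
                continue  # another owner's name on a shared certificate
            reasons = []
            if name not in known:
                reasons.append(
                    "certificate from %s for hostname not in inventory" % cert["issuer"])
            addr = resolved.get(name)
            if addr and not any(ipaddress.ip_address(addr) in n for n in nets):
                reasons.append("resolves outside own networks: " + addr)
            if reasons:
                findings[name] = reasons
    return findings

if __name__ == "__main__":
    result = audit(ISSUED, RESOLVED, "example.test", KNOWN_HOSTS, OWN_NETWORKS)
    for host, why in result.items():
        print(host, "->", "; ".join(why))
```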

» SPAMfighter News - 1/12/2016
