Which SSL Reviews

Phony Antivirus Uses SSL Certificates To Dupe Antivirus Scan

December 5, 2013 | By Editor 

Stealing SSL Certificates

Stealing SSL certificates and using them as a decoy to stop antivirus programs from scanning a file is becoming a common malware-distribution technique. It is a tried and tested method because, once a file is encrypted with a properly issued certificate, the AV program considers it safe. Encryption also lets criminals seal malicious code and software inside the file: most programs cannot read what is stored within, which makes it easier to carry the payload to the targeted computers or an entire network.

Compared with any other defensive system, antivirus software is the most reliable of all. For over a decade it has helped millions of consumers safeguard themselves against attacks and ensure that intrusions do not occur. To evade it, attackers are now using stolen digital certificates.

One major advantage of a genuine certificate is that, if it was issued by a reputable certificate authority, no browser or other scanning tool will suspect it. CAs will not issue such certificates without verifying the domain's identity, and in some cases, as with extended validation, only after verifying the organisation as well. Criminals skip these safeguards by stealing user keys and using SSL certificates originally issued to brands to distribute malware. Such instances are now being witnessed regularly.

Antivirus companies are now planning strict measures against such forgery, checking whether a link or file carrying a certificate was actually sent by the company the certificate names. IP addresses will help them achieve this, and the same applies to the companies whose certificates are involved. More secure verification is badly needed to stop malware distribution.

A new system that continuously monitors all valid certificates is to be introduced as soon as possible. It will keep checking SSL certificates that are in use but not under the control of the company they were issued to; if one is found, the company or brand will be notified immediately so that it can take action. A similar notification will go to the certificate authority so that it can trace the origin of the theft and disable the private key, ensuring that no malware distribution or other illegal activity is carried out by the fake certificate holder. System-wide modifications and better monitoring have become mandatory with the advent of such threats. It also proves that certificates are the most secure of all these mechanisms: they cannot be cracked, only stolen, for various reasons.
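As an added illustration (not code from the article or from any antivirus vendor), the check below uses Python's cryptography library against a constructed toy PKI (the root CA, the "Example Brand Ltd" certificate and the payload are all made up here) to show why a signature that verifies is not a verdict of safety: a file signed with a stolen key verifies exactly like a legitimate one, and only the certificate's revocation, the CA notification step described above, changes the outcome.

```python
import datetime as dt
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID
NOW = dt.datetime.now(dt.timezone.utc)
def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
def _cert(subject, issuer, issuer_key, pubkey, ext):  # one-year cert, one extension (toy CA)
    return (x509.CertificateBuilder().subject_name(_name(subject))
            .issuer_name(_name(issuer)).public_key(pubkey)
            .serial_number(x509.random_serial_number())
            .not_valid_before(NOW - dt.timedelta(days=1))
            .not_valid_after(NOW + dt.timedelta(days=365))
            .add_extension(ext, critical=False).sign(issuer_key, hashes.SHA256()))
# Constructed PKI: a root CA plus a code-signing certificate for a made-up brand.
CA_KEY = rsa.generate_private_key(public_exponent=65537, key_size=2048)
CA = _cert("Example Root CA", "Example Root CA", CA_KEY, CA_KEY.public_key(),
           x509.BasicConstraints(ca=True, path_length=None))
BRAND_KEY = rsa.generate_private_key(public_exponent=65537, key_size=2048)
BRAND = _cert("Example Brand Ltd", "Example Root CA", CA_KEY, BRAND_KEY.public_key(),
              x509.ExtendedKeyUsage([ExtendedKeyUsageOID.CODE_SIGNING]))
def revoke(serials):  # the CRL the CA publishes once the theft has been reported
    b = (x509.CertificateRevocationListBuilder().issuer_name(CA.subject)
         .last_update(NOW).next_update(NOW + dt.timedelta(days=1)))
    for s in serials:
        b = b.add_revoked_certificate(x509.RevokedCertificateBuilder()
                                      .serial_number(s).revocation_date(NOW).build())
    return b.sign(CA_KEY, hashes.SHA256())
def verdict(data, sig, signer, crl):
    """(signature_valid, trusted): a scanner that stops at the first value is fooled."""
    try:
        signer.public_key().verify(sig, data, padding.PKCS1v15(), hashes.SHA256())
    except InvalidSignature:
        return (False, False)
    try:  # minimal chain check: the signer must have been issued by our CA
        CA.public_key().verify(signer.signature, signer.tbs_certificate_bytes,
                               padding.PKCS1v15(), signer.signature_hash_algorithm)
    except InvalidSignature:
        return (True, False)
    eku = signer.extensions.get_extension_for_class(x509.ExtendedKeyUsage).value
    revoked = crl.get_revoked_certificate_by_serial_number(signer.serial_number)
    return (True, ExtendedKeyUsageOID.CODE_SIGNING in eku and revoked is None)

PAYLOAD = b"constructed sample file, signed below with the brand's stolen key"
SIG = BRAND_KEY.sign(PAYLOAD, padding.PKCS1v15(), hashes.SHA256())
BEFORE_REVOCATION = verdict(PAYLOAD, SIG, BRAND, revoke([]))
AFTER_REVOCATION = verdict(PAYLOAD, SIG, BRAND, revoke([BRAND.serial_number]))
```

A real scanner would fetch the CRL or an OCSP response from the issuing CA rather than building one locally, but the decision logic is the same: signature validity, chain, key usage and revocation status are all required before the file is treated as trusted.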

Posted in SSL Certificates
