Secure Shopping

Let’s Encrypt certificates exploited for malvertising campaign

January 18, 2016 | By Comodo SSL

Cyber security companies offer free security products to show up their market presence. This benefits the users who are looking out for a free security software. Trial SSL certificates are out in the market for the webmasters to protect their websites. Are the free certificates in the right use? With hackers finding new ways and methods to attack the users and with free certificates in the market, cyber thieves go bonkers in exploiting these free certificates to perform malvertising campaigns.

What is Malvertising?
Malicious Advertising in short is called Malvertising. It exploits online advertising to spread malware. This administers malware-laden advertisements into genuine webpages and online advertising networks.

How does Malvertising affect the virtual world
When the user gets attracted towards the malware advertisement thinking it to be a genuine one, the user gets redirected to malicious site unknowingly. The malicious site hosts malicious commands to install a malware on the victim system.

Let’s Encrypt certificates exploited for Malvertising
Lets Encrypt intends to make encryption much easier and cheaper and hence offers free SSL Certificates. It is run by the Internet Security Research Group and is supported by Cisco, Electronic Frontier Foundation, Mozilla, and Akamai. It is a huge project that issues free digital certificates to enhance the security over the Internet.

Later recently, Trend Micro had discovered malicious sites with SSL Certificates issued by Let’s Encrypt towards the end of December 2015. This has blown down 3000 Japanese websites exposing close to 500,000 users to the malvertising campaign.

Let’s Encrypt started in September 2015 with a limited beta phase while it went public during the first week of December. With corrupted cyber criminals around, free encryption certificates are their main mode of attack as they are very much vulnerable to exploit. The cyber criminals implemented domain shadowing technique to create creepy sub-domains within the original ones hence these malware laden domains goes unnoticed when there is a bad behaviour happening amidst the approved domains.

SSL Certificates

<< Try 90 Day Full Trial SSL Certificate before you BuyChoosing the ‘Most Secure’ Online Money Transfer Service >>

Posted in Secure Shopping

Be Sociable, Share!

Leave a Comment


* fields are mandatory