In recent years security experts have discovered many cases in which bad actors have abused digital certificates for illicit activities, from malware distribution to Internet surveillance.
Botmasters are adopting new techniques to avoid detection by security experts and law enforcement agencies. For example, many attackers use SSL to protect malicious traffic between C&C servers and infected machines.
A researcher has started a new initiative to track the certificates used by bad actors in malicious operations and publish them in a blacklist, dubbed SSL Black List.
The SSL Black List is part of the project started by a Swiss security researcher at Abuse.ch, who in recent years has taken part in investigations into the major banking Trojan families and botnets.
Each item in the list associates a certificate with the malicious operations in which attackers used it. The abuses include botnets, malware campaigns and banking malware.
The archive behind the SSL Black List, which includes more than 125 digital certificates, comprises the SHA-1 fingerprint of each certificate together with a description of the abuse. Many entries are associated with popular botnets and malware-based attacks, including Zeus, Shylock and Kins.
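The following added example (not code from Abuse.ch or from the original article) shows how a defender could match a certificate seen on the network against a list of SHA-1 fingerprints with abuse descriptions. The `fingerprint,description` line layout, the function names and the sample bytes are assumptions constructed for illustration.

```python
import csv
import hashlib
import io
import ssl

HEX = set("0123456789abcdef")

def normalize(fp):
    """Canonical form: 40 lowercase hex chars, without ':' or spaces."""
    cleaned = fp.replace(":", "").replace(" ", "").strip().lower()
    if len(cleaned) != 40 or not set(cleaned) <= HEX:
        raise ValueError("not a SHA-1 fingerprint: %r" % fp)
    return cleaned

def load_blacklist(text):
    """Parse 'fingerprint,description' rows (assumed layout); skip blanks and '#' comments."""
    lines = (l for l in io.StringIO(text) if l.strip() and not l.startswith("#"))
    return {normalize(row[0]): row[1].strip() for row in csv.reader(lines)}

def fingerprint(cert):
    """SHA-1 over the DER encoding; PEM text is converted to DER first."""
    der = ssl.PEM_cert_to_DER_cert(cert) if isinstance(cert, str) else cert
    return hashlib.sha1(der).hexdigest()

def lookup(cert, blacklist):
    """Return the abuse description for a listed certificate, else None."""
    return blacklist.get(fingerprint(cert))

# Constructed sample data: placeholder bytes stand in for DER certificates.
BAD_DER = b"constructed-der-bytes-of-a-listed-certificate"
GOOD_DER = b"constructed-der-bytes-of-an-unlisted-certificate"
_fp = hashlib.sha1(BAD_DER).hexdigest().upper()
SAMPLE_LIST = (
    "# fingerprint,description (constructed, hypothetical layout)\n"
    + ":".join(_fp[i:i + 2] for i in range(0, 40, 2))  # openssl-style AA:BB:...
    + ",Constructed C&C entry\n"
)

if __name__ == "__main__":
    bl = load_blacklist(SAMPLE_LIST)
    for name, cert in (("bad", BAD_DER), ("good", GOOD_DER)):
        print(name, fingerprint(cert), lookup(cert, bl) or "not listed")
```

On a live TLS connection the DER bytes come from `SSLSocket.getpeercert(binary_form=True)`, which can be passed straight to `lookup`.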