WARNING: Malicious Web Sites Encrypted with SSL Certs

Hackers have reached an all-time low. Malicious sites have been reported to be encrypted with free SSL certificates issued by “Let’s Encrypt”, a site which provides free HTTPS certificates. This is scary for internet users all over the world for multiple reasons. The first is that web surfers are taught to only visit sites that use a valid SSL certificate. With skilled hackers using a complex form of “bait and switch” to lure unsuspecting victims into their trap, it is hard to know which sites can be trusted.

How are Hackers Abusing “Let’s Encrypt” SSL Certificates?

Internet criminals are using free SSL certificates for malvertising. This technique spreads malware through web ads by inserting malicious advertisements onto safe, legitimate websites. Malware creators are redirecting online users to malicious sites via the pay-per-click ads seen on these “safe sites”.

What Type of Malware is Being Delivered to Users?

Researchers from the firm Micro Trend discovered that the malvertising campaign lasted until December 31st. The malicious campaign mainly affected users in Japan. The malicious website that Japanese users were exposed to used the Angler Exploit Kit to infect the victims’ computers with the Vawtrak Banking Trojan, which is designed to grant access to online bank accounts!

How did this Happen?

The flaws in “Let’s Encrypt” stem from the online system only checking the common name against Google’s Safe Browsing API to see if the domain has been flagged for phishing or malware. However, “Let’s Encrypt” does not check for shadow domains, as in this case, in which the creators of the malvertising campaign easily requested and were approved for an HTTPS “Let’s Encrypt” SSL certificate. Unfortunately, “Let’s Encrypt” has a policy to NOT revoke certificates. In October, “Let’s Encrypt” stated that certification authorities are not equipped to police content and that certificates issued by them “say nothing else about a site’s content or who runs it”.
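Because the issuance check described above does not look at shadow domains (taken here to mean subdomains created under a legitimate domain without its owner's knowledge), the domain owner is the one placed to notice them. The following is an added example, not code from the original article or from Let's Encrypt: it compares certificates seen for a domain against the owner's hostname inventory. The record format, the example.com names and the inventory are constructed assumptions.

```python
from datetime import date

# Constructed sample records (hostname, issuer, issue date), shaped like what a
# certificate-monitoring export might contain. Not real data.
SAMPLE_CERTS = [
    {"name": "www.example.com", "issuer": "Let's Encrypt", "not_before": date(2015, 11, 2)},
    {"name": "WWW.Example.com.", "issuer": "Let's Encrypt", "not_before": date(2015, 11, 9)},
    {"name": "shop.example.com", "issuer": "Example CA", "not_before": date(2015, 6, 14)},
    {"name": "*.cdn.example.com", "issuer": "Let's Encrypt", "not_before": date(2015, 12, 29)},
    {"name": "ad.promo.example.com", "issuer": "Let's Encrypt", "not_before": date(2015, 12, 21)},
    {"name": "notexample.com", "issuer": "Let's Encrypt", "not_before": date(2015, 12, 1)},
    {"name": "example.com.evil.test", "issuer": "Let's Encrypt", "not_before": date(2015, 12, 5)},
]

# Hostnames the owner actually provisioned (hypothetical inventory).
INVENTORY = {"example.com", "www.example.com", "shop.example.com"}


def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are exact."""
    return name.strip().rstrip(".").lower()


def is_under(name, domain):
    """True only for the domain itself or a real subdomain (label boundary)."""
    return name == domain or name.endswith("." + domain)


def find_unexpected_certs(certs, domain, inventory):
    """Return certificates for names under `domain` that are not in the inventory."""
    domain = normalize(domain)
    known = {normalize(h) for h in inventory}
    findings = []
    for cert in certs:
        name = normalize(cert["name"])
        if not is_under(name, domain):
            continue  # look-alike or unrelated domain, not ours to inventory
        if name not in known:
            # Wildcards are flagged too unless explicitly inventoried.
            findings.append({**cert, "name": name})
    return sorted(findings, key=lambda c: c["not_before"])


if __name__ == "__main__":
    for hit in find_unexpected_certs(SAMPLE_CERTS, "example.com", INVENTORY):
        print(hit["not_before"], hit["name"], hit["issuer"])
```

Each finding is a certificate for a hostname the owner never set up, which is worth checking against DNS records and registrar account activity.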

Stay Protected.

The truth of the matter is the internet is a dangerous place. All users must stay alert while surfing the web and make it a habit to only visit sites that are well-known and trusted. If you have a bad feeling about an ad or web site, you are usually right. Follow your instincts and surf the web responsibly.

Sources

Khandelwal, Swati. "Hackers Install Free SSL Certs from Let's Encrypt On Malicious Web Sites." The Hacker News. N.p., 06 Jan. 2016. Web. 08 Jan. 2016.

#Malvertising  #Phishing-Attacks  #Free-SSL-Certs
#Trojan-Virus  #Bank-Account-Fraud  #HTTPS
#Internet-Security  #"Let's Encrypt"  #Dont-Be-a-Victim