1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Malvertising campaign used a free certificate from Let's Encrypt

Discussion in 'CSO' started by RSS, Jan 7, 2016.

  1. RSS

    RSS New Member Member

    Cybercriminals are taking advantage of an organization that issues free digital certificates, sparking a disagreement over how to deal with such abuse.

    On Wednesday, Trend Micro wrote that it discovered a cyberattack on Dec. 21 that was designed to install banking malware on computers.

    The cybercriminals had compromised a legitimate website and set up a subdomain that led to a server under their control, wrote Joseph Chen, a fraud researcher with Trend.

    If a user went to the site, the subdomain would show a malicious advertisement that would redirect the user to sites hosting the Angler exploit kit, which looks for software vulnerabilities in order to install malware.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page