Certificates associated with malware added to SSL Blacklist

Share this article:

Introduced on Tuesday, the SSL Blacklist (SSLBL) is designed to aid in detecting botnet traffic that uses SSL to communicate, including Shylock malware and variants of the infamous Zeus trojan, according to a post on Swiss security blog abuse.ch.

Noting an increase in attackers shifting to SSL in order to evade detection, a researcher with abuse.ch decided to compile and maintain a list of SHA1 fingerprints of SSL certificates associated with malware and botnet activities, according to the post.

As of Wednesday afternoon, 127 SSL certificates have been blacklisted.

The idea for SSLBL came to the researcher while tinkering around with Suricata, an open source intrusion detection and prevention system equipped with a module to fingerprint SSL/TLS certificates, according to the post.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Fake Dropbox login page nabs credentials, is hosted on Dropbox

Fake Dropbox login page nabs credentials, is hosted ...

Symantec researchers received a phishing email linking recipients to a fake Dropbox login page that is hosted on Dropbox's user content domain and served over SSL.

Hacker sentenced to 30 months in prison and $300k restitution

Hacker sentenced to 30 months in prison and ...

Lamar Taylor was sentenced in New Jersey this past week for allegedly participating in a cybercrime scheme that accounted for more than $15 million.

Progress on national breach notification law may stall

A bill, which would require a national reporting standard, has failed to make it before the Senate or House this year.