Certificates associated with malware added to SSL Blacklist


Introduced on Tuesday, the SSL Blacklist (SSLBL) is designed to aid in detecting botnet traffic that uses SSL to communicate, including Shylock malware and variants of the infamous Zeus trojan, according to a post on Swiss security blog abuse.ch.

Noting an increase in attackers shifting to SSL in order to evade detection, a researcher with abuse.ch decided to compile and maintain a list of SHA1 fingerprints of SSL certificates associated with malware and botnet activities, according to the post.

As of Wednesday afternoon, 127 SSL certificates have been blacklisted.

The idea for SSLBL came to the researcher while tinkering around with Suricata, an open source intrusion detection and prevention system equipped with a module to fingerprint SSL/TLS certificates, according to the post.
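The matching step described above, as an added example that is not code from abuse.ch or Suricata: a certificate's SHA1 fingerprint is the hash of its full DER encoding, which is then looked up in the list. The `date,sha1,reason` feed layout, all function names, and the sample byte strings (constructed stand-ins, not real certificates or real SSLBL entries) are assumptions.

```python
import base64
import csv
import hashlib
import re

def pem_to_der(pem):
    """Strip the PEM armour and base64-decode the body to DER bytes."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def sha1_fingerprint(der):
    """A certificate fingerprint is SHA-1 over the complete DER encoding."""
    return hashlib.sha1(der).hexdigest()

def normalise(fp):
    """Accept 'AB:CD:..' or plain hex in any case; return 40 lowercase hex digits."""
    fp = fp.strip().replace(":", "").replace(" ", "").lower()
    if not re.fullmatch(r"[0-9a-f]{40}", fp):
        raise ValueError("not a SHA-1 fingerprint: %r" % fp)
    return fp

def load_blacklist(text):
    """Parse the assumed 'date,sha1,reason' layout, skipping '#' comments and blanks."""
    rows = csv.reader(l for l in text.splitlines() if l.strip() and not l.startswith("#"))
    return {normalise(row[1]): row[2] for row in rows}

def check(pem, blacklist):
    """Return the listing reason if the certificate is blacklisted, else None."""
    return blacklist.get(sha1_fingerprint(pem_to_der(pem)))

def to_pem(der):
    """Helper for the constructed samples below."""
    body = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

# Constructed stand-ins for DER bytes (not real certificates, not real SSLBL entries).
BAD_PEM = to_pem(b"\x30\x82\x01\x0a constructed listed certificate")
GOOD_PEM = to_pem(b"\x30\x82\x01\x0a constructed unlisted certificate")
fp = sha1_fingerprint(pem_to_der(BAD_PEM)).upper()
FEED = ("# constructed sample feed\n"
        "2014-01-01 00:00:00," + ":".join(fp[i:i + 2] for i in range(0, 40, 2)) + ",Example C&C\n")

if __name__ == "__main__":
    bl = load_blacklist(FEED)
    for name, pem in (("bad", BAD_PEM), ("good", GOOD_PEM)):
        print(name, check(pem, bl) or "not listed")
```

Normalising both sides matters because tools print fingerprints in different forms (colon-separated uppercase versus plain lowercase hex), and a raw string comparison would miss a listed certificate.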
