Let's Encrypt certs compromised to shield malware

The crooks keep coming on

         

tangor

1:57 am on Jan 7, 2016 (gmt 0)




Let's Encrypt responds

It was inevitable. Trend Micro says it has spotted crooks abusing the free Let's Encrypt certificate system to smuggle malware onto computers.

The security biz's fraud bod Joseph Chen noticed the caper on December 21. Folks in Japan visited a website that served up malware over encrypted HTTPS. The site used the Angler Exploit Kit to infect their machines with the software nasty, which is designed to raid their online bank accounts.

The use of encryption shields the malware from network security scanners while in transit, and the certificate helps legitimize the malicious site.

[theregister.co.uk...]

bill

2:08 am on Jan 10, 2016 (gmt 0)




Hacked servers have always been the issue for transactions like this. If you lose control of your server or DNS then this sort of attack was available even without free certs. The free certs do make the job a bit easier due to the lower requirements for certificate authentication. The paid SSL cert providers can certainly use this to promote their products.