A free SSL certificate from CDN and DNS provider Cloudflare has been used by cybercriminals in a phishing email to increase the level of trust and trick you into clicking on a malicious link.
At Clodflare's services as announced, 29 September added support for SSL connections. The feature is available free of charge to all its customers, regardless of whether they have subscribed or are registered to its free service.
With this move, the company doubled the number of websites supported by encrypted links.
Ο Jerome Segura of Malwarebytes recently noticed a new email campaign that started from a website and took advantage of Cloudflare's free SSL certificate to deliver malware. The malicious message claimed to be a warning from LogMeln's cloud-based (provider of remote login services), regarding an alleged problem in extending its service subscription due to insufficient resources.
Η κακόβουλη σύνδεση HTTPS που περιλαμβανόταν στο e-mail έμοιαζε σαν επισήμανση προς ένα τιμολόγιο που θα έδειχνε τις λεπτομέρειες της συναλλαγής. Δεδομένου ότι το link ήταν μια safe connection, users were more likely to think that the file download was protected and harmless.
Fortunately, Cludflare revoked the certificate for that site and the site has now been flagged as malicious by all major web browsers.
Right now, the VirusTotal has a list of 29 of the 56 antivirus engines which correctly identify as a threat the malicious attachment that comes as PIF (program information file).
One thing is for sure, though. That although SSL certificates are a first security key they can not guarantee 100% the integrity of a connection or a website. You should always be careful about what you download and what you run on your computer. After all, the use of SSL for criminal purposes is expected to increase in the near future.
