Phishers Experiment with Fake SSL Certificates

Status
Not open for further replies.

Jack

Jan 24, 2011
A new mass phishing attack targeting Swiss credit card owners was seen using pages signed with a fake and expired SSL certificate.

According to security researchers from Symantec, the attackers used a large number of domains pointing to the same IP address and server.

The phishing page was signed with a certificate that was issued to a Web hosting company back in 2006, but expired in 2007.

It's not really clear what the phishers tried to achieve with the technique, because trying to open such a page in modern browsers will generate an error.

Users would have to manually add an exception in order to load the page, and it's unlikely they would trust it after the browser displayed the big security warning.

However, one might wonder why there aren't more phishing attacks around that use valid SSL certificates. The answer is probably that it isn't worth the trouble.

Cybercriminals hardly go the extra mile in their attacks unless they have a reasonable belief their effort will be substantially repaid.

More details - link
 