Researcher launches SSL Blacklist

  • 16 July 2014

Userlevel 7
Author/ Zeljka Zorz HNS Managing Editor/ Posted on 16 July 2014.
 
Roman Hussy, the Swiss security activist behind Abuse.ch, has started another project: the SSL Blacklist (SSLBL).

Known for the trackers that keep tabs on command and control (C&C) servers for the Zeus, SpyEye, Palevo and Geodo malware families, as well as the domain- and IP-blocklists he provides, he was spurred to create this new set of blacklists by the fact that some malware families switched from using HTTP to using HTTPS.
 
Help Net Security/ full read here/ http://www.net-security.org/secworld.php?id=17125

3 replies

Userlevel 7
This sounds like a great idea, I wonder if the list could be worked into the AV programs as part of the updates to help prevent fraudulent use of the certificates.
 
By paganinip on July 16th, 2014
 
"The project is the work of a Swiss security researcher at Abuse.ch who for years has provided resources for tracking many of the major banking Trojan families and botnets.
“The goal of SSLBL is to provide a list of bad SHA1 fingerprints of SSL certificates that are associated with malware and botnet activities. Currently, SSLBL provides an IP based and a SHA1 fingerprint based blacklist in CSV and Suricata rule format. SSLBL helps you in detecting potential botnet C&C traffic that relies on SSL, such as KINS (aka VMZeuS) and Shylock,” wrote the researcher in a blog post which introduces the initiative."

Full Article
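
The fingerprint matching described in the quote above, as an added example that is not part of the original posts or of the SSLBL project: it loads a fingerprint blacklist from CSV and flags connections whose certificate SHA1 is listed. The CSV column layout (date, SHA1, reason), the certificate bytes and the IP addresses are constructed assumptions.

```python
import csv
import hashlib
import io
import re

# Constructed stand-ins for DER-encoded certificates seen in TLS handshakes.
CERT_BAD = b"constructed-der-bytes-of-a-listed-certificate"
CERT_OK = b"constructed-der-bytes-of-an-unlisted-certificate"

def sha1_fingerprint(der):
    """A certificate fingerprint is the SHA1 of its DER encoding, as hex."""
    return hashlib.sha1(der).hexdigest()

# Constructed blacklist; the column layout is an assumption, not real SSLBL data.
SAMPLE_CSV = (
    "# constructed sample, not real SSLBL data\n"
    "2014-07-16 00:00:00," + sha1_fingerprint(CERT_BAD).upper() + ",Example C&C\n"
    "2014-07-16 00:00:00,not-a-fingerprint,Malformed row\n"
)

_HEX40 = re.compile(r"[0-9a-f]{40}")

def normalize(fp):
    """Accept 'AA:BB:..' or plain hex in any case; return lowercase hex or None."""
    fp = fp.strip().replace(":", "").lower()
    return fp if _HEX40.fullmatch(fp) else None

def load_blacklist(text):
    """Map fingerprint -> listing reason, skipping comments and malformed rows."""
    listed = {}
    for row in csv.reader(io.StringIO(text)):
        if not row or row[0].startswith("#") or len(row) < 3:
            continue
        fp = normalize(row[1])
        if fp:
            listed[fp] = row[2]
    return listed

def check_connections(conns, listed):
    """conns: iterable of (dst_ip, der_cert). Return alerts for listed certificates."""
    alerts = []
    for dst, der in conns:
        fp = sha1_fingerprint(der)
        if fp in listed:
            alerts.append((dst, fp, listed[fp]))
    return alerts
```

Normalizing both sides matters because tools print fingerprints in different forms (colon-separated upper case versus plain lower-case hex), and a naive string compare would silently miss listed certificates.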
Userlevel 7
LOL...this is old hat...a black list is precisely what a signature file is just by another name with a different type of record of the 'nasty/unwelcome' entity recorded on it.  Can't believe that someone is purporting to original thought here.
Userlevel 7
When I saw the word Blacklist the first thing that came to my mind was IESpyad which came out years ago, but it has been a long time since it was updated.
