Malware and botnet operators are always adapting their tactics, trying to stay a step or two ahead of defensive technologies and techniques. One of the methods many attackers have adopted is using SSL to communicate with the infected machines they control, and a researcher has started a new initiative to track the certificates attackers use in these operations and publish them.
The new SSL Black List is a public list of certificates associated with a variety of malicious operations, including botnets, malware campaigns and banking Trojans. The database comprises SHA-1 fingerprints of each certificate as well as the reason why it was included in the database. Right now, the list includes more than 125 certificate fingerprints, many of which are associated with well-known botnets and malware operations such as Shylock, Kins and Zeus.
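One way a defender could use such a list, shown as an added example that is not code from the SSL Black List project: compute a certificate's SHA-1 fingerprint and look up the reason it was listed. The two-column `fingerprint,reason` feed layout, the function names and the sample bytes (stand-ins, not real certificates) are assumptions made for the illustration.

```python
import csv
import hashlib
import ssl

def normalize_fp(fp):
    """Canonical form: 40 lowercase hex characters, no colons or spaces."""
    cleaned = fp.strip().replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 40 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError(f"not a SHA-1 fingerprint: {fp!r}")
    return cleaned

def sha1_fingerprint(cert):
    """SHA-1 over the DER encoding; accepts DER bytes or a PEM string."""
    der = ssl.PEM_cert_to_DER_cert(cert) if isinstance(cert, str) else cert
    return hashlib.sha1(der).hexdigest()

def load_blocklist(text):
    """Parse 'fingerprint,reason' rows (assumed layout); '#' starts a comment."""
    lines = [l for l in text.splitlines() if l.strip() and not l.startswith("#")]
    return {normalize_fp(fp): reason.strip() for fp, reason in csv.reader(lines)}

def check_certificate(cert, blocklist):
    """Return the listing reason if the certificate is listed, else None."""
    return blocklist.get(sha1_fingerprint(cert))

# Constructed stand-in bytes, not real certificates: the fingerprint is a hash
# of the encoded bytes, so any byte string exercises the lookup.
LISTED_DER = b"constructed stand-in for a listed certificate"
CLEAN_DER = b"constructed stand-in for an unlisted certificate"

# Constructed feed: the fingerprint is written colon-separated and upper-case,
# as many tools print it, to show why normalization is needed before matching.
_hex = sha1_fingerprint(LISTED_DER).upper()
SAMPLE_FEED = (
    "# fingerprint,reason (constructed sample)\n"
    + ":".join(_hex[i:i + 2] for i in range(0, 40, 2))
    + ",Example botnet C&C\n"
)
BLOCKLIST = load_blocklist(SAMPLE_FEED)

if __name__ == "__main__":
    for name, cert in [("listed", LISTED_DER), ("clean", CLEAN_DER)]:
        print(name, "->", check_certificate(cert, BLOCKLIST) or "not listed")
```

Because the fingerprint covers the exact encoded certificate, a match identifies that one certificate only; an operator who issues a new certificate gets a new fingerprint.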