Botnet tracking outfit Abuse.ch has launched a project to list SSL (Secure Sockets Layer) certificates used by some malware programs to hide their communications.
A large number of Web services have added support for SSL encryption over the past couple of years and the technology has increasingly been adopted by privacy-conscious users, especially following revelations of large scale surveillance and bulk data collection by intelligence agencies.
However, it’s not just regular Internet users who rely on SSL to protect their communications. Some cybercriminals also use it to encrypt traffic between malware-infected computers and command-and-control servers in an attempt to bypass intrusion prevention and detection systems, the Abuse.ch maintainers said in a blog post to announce the new SSL Blacklist (SSLBL) project.
Abuse.ch has been tracking command-and-control servers for malware threats like Zeus, SpyEye, Palevo and Feodo for several years. The outfit lists the IP (Internet Protocol) addresses and domain names associated with those servers in order to help network administrators identify infected computers that attempt to communicate with them.
The new SSLBL project will serve a similar purpose, but will list digital certificates — identified by their SHA1 cryptographic fingerprints — that are used by botnets.
“SSLBL helps you in detecting potential botnet C&C traffic that relies on SSL,” the Abuse.ch maintainers said.