Fake cert on fake Codec www ?

Discussion in 'malware problems & news' started by StevieO, Jun 13, 2009.

Thread Status:
Not open for further replies.
  1. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    I know these are 100% fake Codec www's, and if you visit then please proceed with caution !!!

    vs-codec-pro . com

    vscodec-pro . com

    But have they really managed to fake a cert from Thawte ?

    -

    Edit to upload better pics
     

    Attached Files:

    • VC1.png
      VC1.png
      File size:
      277.8 KB
      Views:
      3
    • VC2.png
      VC2.png
      File size:
      297.1 KB
      Views:
      174
    • VC3.png
      VC3.png
      File size:
      89.2 KB
      Views:
      5
    • C.png
      C.png
      File size:
      118.1 KB
      Views:
      7
  2. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,980
    Location:
    U.S.A.
    StevieO, using Firefox 3.0.11, with suspected attack site security and encryption protocols enabled, the first domain (blacked out) throws up this alert:

    2009-06-13_230427.gif

    And the second domain (blacked out), throws up this alert:

    2009-06-13_230548.gif

    From a Firefox perspective, both alerts should stop a visitor from going further with these domains so Mozilla wasn't fooled.
     
  3. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Hi JRViejo, yes thanx for that.

    What i'm wondering is if the baddies have been granted a real cert, or somehow managed to fake a cert, or even manipulate a real one ? If they have been able to produce an authentic looking/acting cert in any way, then this could have very serious implications from now on.

    Not just with this www but no doubt lots of others that will keep appearing and serving up crapware etc.
     

    Attached Files:

    • FF1.png
      FF1.png
      File size:
      23 KB
      Views:
      127
    • FF2.png
      FF2.png
      File size:
      27.6 KB
      Views:
      123
    • FF3.png
      FF3.png
      File size:
      14.3 KB
      Views:
      120
  4. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    From Google
     

    Attached Files:

    • G1.png
      G1.png
      File size:
      22 KB
      Views:
      1
    • G2.png
      G2.png
      File size:
      189.7 KB
      Views:
      2
    • G3.png
      G3.png
      File size:
      178.9 KB
      Views:
      1
  5. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,980
    Location:
    U.S.A.
    StevieO, in today's economy, I don't doubt they were easily granted a certificate. It's sell now and ask questions later IMO. But as Google and Mozilla plus others, start branding these sites as suspicious, word will get back to the certificate authority and possibly revoke their issuance. We can only hope that it happens fast.
     
  6. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    501
    Interesting reading .What's with firefox?,when i enter the page and press purchase the status bar dissapears!!!!!!!!!!I was curious to see perpectives addons ratings but i can't.
     
  7. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,980
    Location:
    U.S.A.
    virtumonde, here's what my Perspectives found, however, there's not enough info to make a judgment thus the Warning:

    2009-06-15_102859.gif
     
  8. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Hi

    Indeed if it's not faked, as it now seems, then they could have been sold a cert. Thwate would not be the only ones selling out TRUST to anyone with $. Comodo recently got a lot of flack for precisely doing the same thing.

    If we can't the " Trustees " who can we trust o_O

    What a world hey !
     
Loading...
Thread Status:
Not open for further replies.