[cryptography] Which CA sells the most malware-signing certs?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Feb 18 07:07:11 PST 2013

I've just done a quick tally of the certs posted to
http://www.ccssforum.org/malware-certificates.php, a.k.a. "Digital
Certificates Used by Malware".  Looks like Verisign (and its sub-brand Thawte)
are the malware-authors' CA of choice, selling more certs used to sign malware
than all other CAs combined.  GeoTrust comes second, and everything below that
is in the noise.  GoDaddy, the most popular CA, barely rates.  Other CAs
who've sold their certs to malware authors include ACNLB, Alpha SSL (which
isn't supposed to sell code-signing certificates at all as far as I can tell),
Certum, CyberTrust, DigiCert, GeoTrust, GlobalSign, GoDaddy, Thawte,
StarField, TrustCenter, VeriSign, and WoSign.  Everyone's favourite whipping-
boy CAs CNNIC and TurkTrust don't feature at all.

Caveats: These are malware certs submitted by volunteers, so they're not a
comprehensive sample.  The site tracks malware-signing certs and not criminal-
website certs, for which the stats could be quite different.


cryptography mailing list
cryptography at randombit.net

----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the Testlist mailing list