Unfortunately I cannot be more specific than to state that in Scandinavia most fraud attempts come not directly from operators of botnets, but rather from third parties buying their services. Those guys develop a so-called config file which the botnet typically applies to the victim computer. The file allows patching incoming/outgoing traffic based on some regular expressions or similar. Proxy-type botnets have been around for a few years, but previously they "trained" users to ignore warnings about invalid certificates. Now the warnings are gone.

On 30 September 2013 19:46, ianG <i...@iang.org> wrote:
> On 30/09/13 20:35 PM, Igor Bukanov wrote:
> ...
>
>> A real experience shows that a substantial number of those fraud
>> attempts comes from computers where malware installs its own root
>> certificate and then installs either a real or transparent proxy. The
>> access to the proxy is then sold to third parties that can do with it
>> whatever they want with decrypted traffic.
>
> ...
>
>
> As a slight diversion, do you have any documentary evidence on that? I
> collect a history of attacks on PKI, so as to inform risk analysis, and I
> like to document any known *real* attacks other than omigosh attacks.
>
>
>
> iang
>
> _______________________________________________
> dev-security mailing list
> dev-security@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security