Oh Comodo here we go again!
Visiting the following Fraudware Antispyware site ... I always check the "Buy now" (purchase) section to see where this will lead. Sadly it leads to yet another Comodo issued certificate ...
You can see from the Microsoft Fiddler output where the site leads ... I pasted the certificate info into the output ...
Comodo states: "To get a DV cert all you need is a domain name and $15..and no background check about your identity is required." As I stated in a previous post ... perhaps you should at least check the domain name ... duh! that would be a good first clue ... but I guess the $15 is more important?
These culprits were first reported on Thursday, April 16, 2009, in "A Diverse Portfolio of Fake Security Software - Part Nineteen", and later by the SunBelt blog, where both these domains reside on the same IP (iSystem Inc.)
Seems iSystem Inc also controls several other (malicious) domains ... including "malwarecatcher. net" which is associated with "updvms. net" and this is where it gets interesting ...
(Image edited for display purposes)
Well look at that! directories for (left column) several malicious domains ... and the typical files found in each (right column)
Extraantivirus, Fastantivirus09, Malwarecatcher, Prestotuneup, and on and on ... so you can see there is no doubt all these domains are malicious as well as the files ... when I attempted to download "EXAVR/BankSetupRelease.exe" my AV (NOD32) detected this as a variant of Win32/Kryptik.JQ trojan
I mentioned in my last post a malicious domain (secure.xsoftstore.com) for which Comodo stated they revoked the certificate ... what gets me is I suggested that they at least should check the domain names ... well it seems they didn't look into this either ...
== Server Certificate ==========
CN=secure.xsoftstore.com, OU=Free SSL, OU=Hosted by LiderTelecom LTD, OU=Domain Control Validated
CN=EssentialSSL CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
4/29/2009 8:00:00 PM
7/29/2009 7:59:59 PM
If Comodo had bothered to check ... they would have found all these domains are related ... [Whois link here]
All this for $15 ... my, things must be really bad? ...
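The domain-name check suggested above, run against the certificate lines pasted in this post, as an added example that is not part of the original post or any CA's tooling. The names parse_dn, triage and REPORTED are hypothetical, and reading the pasted lines as subject, issuer, not-before and not-after is an assumption based on their order.

```python
from datetime import datetime

# Names the post identifies as malicious (directory and domain labels), lower-cased.
REPORTED = {"extraantivirus", "fastantivirus09", "malwarecatcher",
            "prestotuneup", "updvms", "xsoftstore"}

# Certificate lines as pasted in the post. Reading them as subject, issuer,
# not-before and not-after is an assumption based on their order.
SUBJECT = ("CN=secure.xsoftstore.com, OU=Free SSL, "
           "OU=Hosted by LiderTelecom LTD, OU=Domain Control Validated")
ISSUER = "CN=EssentialSSL CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB"
NOT_BEFORE, NOT_AFTER = "4/29/2009 8:00:00 PM", "7/29/2009 7:59:59 PM"


def parse_dn(dn):
    """Split 'K=V, K=V' into {key: [values]}; OU may repeat.
    Simplification: does not handle escaped commas inside a value."""
    fields = {}
    for part in dn.split(", "):
        key, _, value = part.partition("=")
        fields.setdefault(key.strip(), []).append(value.strip())
    return fields


def triage(subject, issuer, not_before, not_after):
    """Summarise what the certificate actually vouches for and screen its name."""
    subj, iss = parse_dn(subject), parse_dn(issuer)
    cn = subj.get("CN", [""])[0].lower()
    fmt = "%m/%d/%Y %I:%M:%S %p"  # US-style timestamp as shown in the pasted output
    lifetime = datetime.strptime(not_after, fmt) - datetime.strptime(not_before, fmt)
    return {
        "cn": cn,
        "issuer_org": iss.get("O", [""])[0],
        # DV: the CA checked control of the domain, not who is behind it.
        "domain_validated_only": "Domain Control Validated" in subj.get("OU", []),
        # No O= in the subject means no organisation identity was asserted.
        "has_org_identity": "O" in subj,
        "lifetime_days": lifetime.days,
        # Any DNS label of the CN that matches a name already reported as malicious.
        "reported_labels": sorted(set(cn.split(".")) & REPORTED),
    }


if __name__ == "__main__":
    for key, value in triage(SUBJECT, ISSUER, NOT_BEFORE, NOT_AFTER).items():
        print(f"{key}: {value}")
```

A non-empty reported_labels on a domain_validated_only request is the kind of first clue that would justify holding the certificate for manual review.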