Tuesday, October 13, 2009

Did someone ask you to update certificates? Well Don’t!


If you get a mail from just about anyone requesting you to update certificates on your computer: D.O.N.T.
The mail you get may look like this:

On October 16, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour.
The changes will concern security, reliability and performance of mail service and the system as a whole.
For compatibility of your browsers and mail clients with upgraded server software you should run SSL certificates update procedure.
This procedure is quite simple. All you have to do is just to click the link provided, to save the patch file and then to run it from your computer location. That's all.
http://evil-link/evil-file
Thank you in advance for your attention to this matter and sorry for possible inconveniences.
This is a new breed of social engineering. It tries to fool you into "updating" your certificates, and what the "patch" actually does is add the attacker's own root certificate to your trust store, so that every website, piece of software or anything else whose certificate chains to that root is treated as VALID.
That makes it much easier for someone to convince you that a server they control is www.maybank2u.com.my, because your browser will never prompt that the certificate is invalid.
In Windows, only use Windows Update to update your root certificates. This is done securely by Microsoft and MS is probably the folks you can trust in this case.
If you receive this and you think it could be from an internal IT team, it’s probably not the case. Do get facts and ask your IT Department.
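If you want to check your own Windows box for a root that got slipped in this way, here is an added example (my own script, not part of the original post). It assumes Windows PowerShell and uses a 30-day "recently issued" threshold, which is an assumed heuristic, not a Microsoft rule.

```powershell
# Added example: audit the Windows root stores for certificates a user-run
# "patch" could have dropped in. The CurrentUser\Root store is the one a
# non-admin user can be tricked into populating, so a root that exists only
# there, was issued very recently, or is not self-signed deserves a look.
# The 30-day window is an assumption; tune it to your environment.

param([int]$RecentDays = 30)

$machineRoots = Get-ChildItem Cert:\LocalMachine\Root
$userRoots    = Get-ChildItem Cert:\CurrentUser\Root
$machineThumbs = $machineRoots | Select-Object -ExpandProperty Thumbprint
$cutoff = (Get-Date).AddDays(-$RecentDays)

$findings = foreach ($cert in $userRoots) {
    $reasons = @()
    if ($machineThumbs -notcontains $cert.Thumbprint) {
        $reasons += 'present only in CurrentUser\Root'
    }
    if ($cert.NotBefore -gt $cutoff) {
        $reasons += "issued within the last $RecentDays days"
    }
    if ($cert.Subject -ne $cert.Issuer) {
        $reasons += 'not self-signed (unusual for a root)'
    }
    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotBefore  = $cert.NotBefore
            Reasons    = ($reasons -join '; ')
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    Write-Output "No suspicious roots found in CurrentUser\Root."
}
```

Anything it flags is not automatically malicious, but a root you do not recognise is worth removing after you have checked with your IT department, since Windows Update is the only channel that should be adding roots for you.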