Blog for hpHosts, and whatever else I feel like writing about ....

Saturday 16 May 2009

Comodo one of the good guys?

Are Comodo one of the good guys? Err no - not anymore they aren't - they're now officially (still) supporting the bad guys, as Mike Burgess (MS MVP, and MS MVP Hosts provider) explains;

"secure.a5bill.com" is hosted on the same IP as the following and all the downloads are detected as Win32/Adware.CoreguardAntivirus
coreguard-antivirus. com
guardlab2009. biz
guardlab2009. net
guardlab2009. com (Google Diagnostic report)

Some of the others on the above list are using:
fullguardlab. com
== Server Certificate ==========
[Subject]
CN=fullguardlab. com, OU=Free SSL, OU=Hosted by LiderTelecom LTD, OU=Domain Control Validated
[Issuer]
CN=EssentialSSL CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
[Serial Number]
00912B6C954BB5BEA83000C4599B9A5C13

bitcoreguard. com
== Server Certificate ==========
[Subject]
CN=fullguardlab. com, OU=Free SSL, OU=Hosted by LiderTelecom LTD, OU=Domain Control Validated
[Issuer]
CN=EssentialSSL CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
[Serial Number]
00912B6C954BB5BEA83000C4599B9A5C13
-------------------------------------------------

So this got me to thinking ... a while back (04-21-09) I reported to Comodo via their secret address a list of sites distributing malicious software ... although I never received a reply as I did when I reported "Conficker systems being updated with SpywareProtect2009" which Comodo had issued a certificate to.

Anyway ... I went back and checked the sites I last reported and it seems Comodo has decided to ignore my report ...

rapid-antivir-2009. com
rapid-antivir2009. com
rapid-antivirus2009. com = all redirect to:


Read more
http://msmvps.com/blogs/hostsnews/archive/2009/05/16/1692519.aspx

Kudos to Donna for the heads up!, who wrote;

All I can say is Comodo products need NO support at all. If they continue to earn money from this malware/rogue authors by issuing certificate or if their free certificates give them “popularity” (to attract potential paying customers) then how is the fight against rogue/malware will succeed if a known security vendor will do that?

Which is why CoU and LandzDown stop posting updates information on Comodo Internet Security Suite/Free firewall because Comodo, Symantec, Webroot, StopZilla and BitDefender and ZoneLabs have partner with that Ask.com, which as we all know… unwanted and questionable company for continue to push/hosts spyware/adware stuff using different domains or part of their business.


Read more
http://msmvps.com/blogs/donna/archive/2009/05/16/comodo-continue-to-issue-certificates-to-known-rogue-malware.aspx

No comments: