A security researcher with Trend Micro noted in a blog, http://blog.trendmicro.com/trendlabs-security-intelligence/lets-encrypt-now-being-abused-by-malvertisers/ last January that malvertisers were creating subdomains using a technique called “domain shadowing” with the help of the Angler Exploit Kit. Originally, the blog was blaming the free certificates that Let’s Encrypt (https://letsencrypt.org/) was offering with the trend but later conceded that certificate abuse is a problem with many certificate providers.

It has been a goal for quite some time to have all websites use SSL/TLS (https). Having website owners encrypt traffic is very laudable.… Read the rest