Microsoft MVP Mike Burgess respond to Comodo’s CEO on Comodo Certificates issued to Malware distributors

MVP Mike as you know is doing free community work by providing free HOSTS file to block parasites and malware.  He’s doing the research and report to anyone that can take action. He give Kudos if an action is made.  He gave kudos to Comodo when Comodo revokes the certs issued to malware/rogue that Mike have reported to them.

This time… Comodo made him quiet for they ignored his email/report on yet another certificate issued by Comodo to malware domains.   He blog about it and finally, Comodo took action… after nearly 1 month.

Mike wrote:

Well as I stated in my previous post I sent an email on 04-21-09 alerting Comodo and never received a reply … so why would I bother sending another when I find more of the same (Malware sites using Comodo certificates) … however after "going public" it sure didn’t take long for these certificates to be revoked. Imagine that … I got a reply today … "your email got buried" = buried? … if you notice I sent it to both the address I was given and "CC’d" to the person I dealt with previously …

Mike also gave them a tip on how to find out who have more certs in used by rogue/malware domains.. and guess what, Mike said:

First I very rarely see a certificate issued by GoDaddy to these type malware pushers … now here is a tip … perhaps the first clue would be to Google the domain name that wants to purchase a certificate …

Conficker is now believed to be the largest computer worm infection since the 2003 … and Comodo issued the certificate to "SpywareProtector-2009" … now you can’t tell me that this domain name isn’t a cause for concern? It gives me chills to think how many people were duped into purchasing this product.

See his follow-up and some of his comments on Comodo’s CEO at:

Funny that Comodo believe that I, at Calendar of Updates forum is bashing Comodo alone where in fact, we are not naming Comodo alone all the time.  We name or we call the attention of Security Software Vendors who is associating their products to unwanted, unnecessary, questionable and bad practices by IAC/Ask.  So many discussions on this and Ben have documented a new one on how IAC works but yet, there are still end-users who continue to support such tactics by security vendors.  I’m really sad to see this.  If this is Microsoft who associated their name to known questionable company, I’m sure the whole world will bash Microsoft but just because it is not Microsoft… Comodo, Symantec, BitDefender, ZoneLabs, StopZilla and Webroot get free pass? Come on!

Simple… why on earth a security company offer you a toolbar or search assistant that have spyware/adware business where they should be detecting or advising you to avoid PUPs/Adware/Spyware or whatever you thin it is?  It is not harmless as some of you thinks.

Leave a Reply