

Ask HN: How to report/revoke malicious Comodo code signing certificate? - bwblabs

Just came across this page:
http:&#x2F;&#x2F;update-for-pc-1024.com&#x2F;?dist_id=365&amp;channel=ac_h1gv&amp;v=icrs&amp;c=e7982022e2acb355c97cb18725d4df5e<p>Which serves &#x27;adobe_flash_setup.exe&#x27; which is signed with COMODO Code Signing certificate of OOO &quot;Finans Servis&quot;, proezd Serebryakova 6, 129323 Moscow, Russia. It&#x27;s also found under different names, see http:&#x2F;&#x2F;www.herdprotect.com&#x2F;adobe_flash_setup.exe-b6e4cc61a87f6633f5ef683be5525f9686475a4f.aspx .<p>I think this is at least they violate &#x27;1.6. Restrictions. Subscriber shall not:
(i) impersonate or misrepresent Subscriber’s affiliation with any entity,&#x27; and also &#x27;3. Revocation. Comodo may revoke a Certificate if Comodo believes that:
(xi) the Certificate was issued to publishers of malicious software;
(xii) the Certificate may have been used to digitally sign hostile code, including spyware or other malicious software;&#x27; - https:&#x2F;&#x2F;www.comodo.com&#x2F;repository&#x2F;docs&#x2F;code-signing-subscriber-agreement.pdf<p>But how to report such an issue? I cannot find any security related email address on the Comodo website.
======
bwblabs
Ok, just got a (signed) message back from Robin Alden (CTO): "This certificate
has been revoked.", in the CC was: signedmalwarealert@comodo.com , so that
seems to be the (internal) email address.

------
mtmail
Sorry to ask, but what have you tried so far to contact them? (assuming they
don't read hackernews)

There is a 'contact us' page on comodo.com with email addresses and toll free
phone numbers. More phone numbers on the support page. A live chat on the
sales page. Facebook, Twitter, G+ account are linked.

~~~
bwblabs
Yes, by email: abuse@comodo.com (the only non sales address I could find), no
response yet.

I looked at the Twitter & Facebook but they looked pretty dead. No replies
@comododesktop
([https://twitter.com/comododesktop/with_replies](https://twitter.com/comododesktop/with_replies)),
idem for FB account
([https://www.facebook.com/ComodoHome](https://www.facebook.com/ComodoHome)),
no replies on the comments I see on FB.

Also both FB & Twitter are about non CA-products, so I was hoping for a
security contact form, email address, chat or phone line..

