The secure sockets layer (SSL) certificates, issued by root certificate authority Comodo, allow the attackers to sign fraudulent sites and content. The certificates were issued because of a compromise at a registration authority (RA) using stolen log-in credentials for one of Comodo's European partners, according to the .

"The attacker was still using the account when the breach was identified and the account suspended," the company stated. "The attacker may have intended to target additional domains had they had the opportunity."

The nine certificates for seven Web properties include login.live.com, mail.google.com, www.google.com, three for login.yahoo.com, login.skype.com, addons.mozilla.org, and one for a global Trustee, according to on the incident. Microsoft has issued an update for Internet Explorer to mitigate the threat.

To actually use the valid certificates to compromise computers, the attackers would have to find a way to , which would appear legitimate because of the certificates. Typically, that means the that the users would have control of some part of the domain name system (DNS) infrastructure, says Melih Abdulhayoglu, CEO of Comodo. Given that the attacks came from an address in Iran and the sophisticated nature of the attacks, Abdulhayoglu believes that the nation's government may be responsible.

"At the moment, all the indications that we are having are pointing to Iran," Abdulhayoglu says. "Whether it is someone proxying through Iran or the Iranian government themselves, I cannot say."