Fraudulent certificates issued for major websites

23.03.2011

The company revoked the certificates through three mechanisms: the older Certificate Revocation List (CRL), the near real-time Online Certificate Status Protocol (OCSP), and blacklists, developed together with browser providers, that can be provided as an update to browsers.

For most companies, the attack will be a non-event, since the browser updates will render the certificates invalid. However, it could have been serious, says Brian Trzupek, vice president of managed identity for security firm Trustwave.

"In this specific case, the attacker had the domain for the Mozilla Firefox add-on update server," Trzupek wrote in a statement. "This could allow the attacker to inject any arbitrary code they desire into the Web browser, in a trusted manner."
