Criminals could use the certificate to conduct "man-in-the-middle" attacks targeting users of Gmail, Google's search engine or any other service operated by the Mountain View, Calif. company.

"This is a wildcard for any of the Google domains," said Roel Schouwenberg, senior malware researcher with Kaspersky Lab, in an email interview Monday.

"[Attackers] could poison DNS, present their site with the fake cert and bingo, they have the user's credentials," said Andrew Storms, director of security operations at nCircle Security.

Man-in-the-middle attacks could also be launched via spam messages with links leading to a site posing as, say, the real Gmail. If recipients surfed to that link, their account login username and password could be hijacked.

Details of the certificate were posted on last Saturday. Pastebin.com is a public site where developers -- including hackers -- often post source code samples.