Certificate Owner Identity Theft

Here's yet more reason to believe that our digital certificate infrastructure is broken.

A CA named DigiCert has been issuing certificates for a company which went out of business in 2011. As recently as November 2012, they issued a certificate in the name of this defunct company - which not suprisingly was being used by malware designed for on-line banking fraud.

http://www.h-online.com/security/news/item/Certified-online-banking-trojan-in-the-wild-1808898.html

Reminds me of the (very) old trick of stealing the identity of somebody who died at an early age.  :-(