According to a recent study of OpenSSL Heartbleed, before it being revealed to the general public, it was unknown even to hackers. This is the conclusion which the participating researchers of some American University has reached the end of their latest study, it publicly available as PDF file :
The Heartbleed bug of OpenSSL, a widely used library in the network to protect sensitive data exchanged between client and server using encryption algorithms, remained stranger up to the day of reveal to the public (April 7, 2014). Their study concluded – “We investigated the attack landscape, finding no evidence of large- scale attacks prior to the public disclosure, but vulnerability scans began within 22 hours. We observed post-disclosure attackers employing several distinct types of attacks from 692 sources, many coming from Amazon EC2 and Chinese ASes. We also conducted a mass notification of vulnerable hosts, finding a significant positive impact on the patching of hosts to which we sent notifications, indi- cating that this type of notification helps reduce global vulnerability. Finally, we drew upon our analyses to frame what went well and what went poorly in our community™s response, providing perspectives on how we might respond more effectively to such events in the future.”
Heartbleed Was a Stranger Before Public Announcement – Neither a Good News, Nor a Bad News
The work of analyzing data (traffic in the months prior to April 2014), was carried out by the information acquired by the Lawrence Berkeley National Laboratory, the National Energy Research Scientific Computing Center and bait (called honeypot) placed in the Amazon EC2 network.
Between November 2013 and April 2014, scanners would not have identified any attempt to exploit for the flaw of OpenSSL. Researchers have, however, put forth stating other attempts might have occurred before the time frame they got data. The first official attack identified by the researchers occurred 21 hours and 29 minutes after the public announcement about Heartbleed. In the following days, the media outcry aroused by the affair helped to speed up the process of updating the library.
So, in our conclusion, it is quite practical, it can not be a fully white certificate because the traffic data, both in amount and time frame, is just a portion.
vulnerability scans can be a result of activities by the White Hackers. This is definitely an important research work, because it simply emphasizes that Hearbleed bug must be fixed on any server, if still not fixed.