First, CAs are not well positioned to operate anti-phishing and anti-malware operations – or to police content more generally. They simply do not have sufficient ongoing visibility into sites’ content. The best CAs can do is check with organizations that have much greater content awareness, such as Microsoft and Google.
Josh Aas, Director de Let’s Encrypt: https://letsencrypt.org/2015/10/29/phishing-and-malware.html
SSL/TLS-based malware attacks
Join Forces to Enable Automated SSL Encryption for the Web