I'm not too sure what the detection process is like, but being found to sign fraudulent certificates results in your CA being untrusted and is the end of your business. So it's not going to be done lightly even if there isn't automated systems to catch it instantly (which there likely are at least for major websites)