Smokey's Security Weblog

veritas odium parit

[How-to] Vulnerability test Superfish, Komodia, PrivDog & similar

Probably you have heard about the Lenovo debacle, many of their laptop series are preloaded adware/spyware Superfish (you can also call Superfish a dirty piece of malware) that will intercept all your secure connections and this will allow criminals to do it too. Superfish uses an “SSL hijacker” (Komodia Redirector with SSL Digestor) and an untrustworthy Komodia root certificate. Komodia Redirector with SSL Digestor installs non-unique root CA certificates and private keys, making systems broadly vulnerable to HTTPS spoofing. In this way an attacker can spoof HTTPS sites and intercept HTTPS traffic without triggering browser certificate warnings in affected systems.

Many other softwares do similar because Komodia sold its malicious kit to other companies as well, some of these companies/vendors are e.g. Atom Security, Inc, Infoweise, KeepMyFamilySecure, Kurupira, Lavasoft, Qustodio and Websecure Ltd. There will be others as well.

Superfish removal can be done via Windows standard add/remove programs utility, find Superfish Inc VisualDiscovery, tick it, and click uninstall. Uninstalling Superfish and other Komodia-type programs does not remove the root certificates, so you need to do this: type certmgr.msc into the Windows search box, right click on the programs name, and select “run as administrator” from the pop-up menu. Subsequent click the action menu item and select “find certificates”. Type Superfish etc into the search box and click the “find now” button. If you find an unwanted certificate, right-click and select delete.

Fwiw never download from unsafe places such as CNet’s Download.com or from Google search ads, downloading software from such places can be really dangerous, in many cases the downloaded software can and will be contaminated with adware, spyware and/or malware.

There’s a simple way to check your machine on the existence of Superfish, Komodia, PrivDog & Co, we advise you to visit the filippo vulnerability test page and perform the vulnerability test: https://filippo.io/Badfish/ Important: do the test with all browsers installed.

Instructions for identifying and removing a root certificate from Windows here: http://windows.microsoft.com/en-us/windows-vista/view-or-manage-your-certificates

Finally we know that many AV (antivirus) products will find and remove the Superfish, Komodia, PrivDog and similar crap, despite we still strongly advise to perform the filippo vulnerability test and to check your machine also on the existence of untrustworthy certificates.

Advertisements

March 1, 2015 Posted by | Uncategorized | , , , , , , , , , , , , , , , , , , , , , | Leave a comment

Release Candidate versions of Vista SP1 will expire on June 30 – Uninstall Now!

By Anthony Mann [MSFT]:

“I want to remind everyone who installed the Release Candidate Vista SP1 that you must uninstall any RC builds (any build less than 6.0.6001.18000) before they expire on June 30. After this date, the kernel will stop with an END_OF_NT_EVALUATION_PERIOD error message an hour after the machine has booted. If you do wait until after June 30, just reboot your PC and start the uninstall process right away.”

Source / full advisory: Microsoft TechNet

June 14, 2008 Posted by | Advisories, Alerts, Friends, News, Uncategorized | , , , , , , | 1 Comment