Smokey's Security Weblog

veritas odium parit

[How-to] Vulnerability test Superfish, Komodia, PrivDog & similar

You have probably heard about the Lenovo debacle: many of their laptop series are preloaded with the adware/spyware Superfish (you can also call Superfish a dirty piece of malware), which intercepts all your secure connections and allows criminals to do the same. Superfish uses an “SSL hijacker” (Komodia Redirector with SSL Digestor) and an untrustworthy Komodia root certificate. Komodia Redirector with SSL Digestor installs non-unique root CA certificates and private keys, making systems broadly vulnerable to HTTPS spoofing. Because the same root certificate and private key are installed on every affected system, an attacker can spoof HTTPS sites and intercept HTTPS traffic without triggering browser certificate warnings on those systems.

Many other programs do the same, because Komodia sold its malicious kit to other companies as well. Some of these companies/vendors are Atom Security, Inc, Infoweise, KeepMyFamilySecure, Kurupira, Lavasoft, Qustodio and Websecure Ltd. There will be others as well.

Superfish can be removed via the standard Windows add/remove programs utility: find Superfish Inc VisualDiscovery, tick it, and click uninstall. Uninstalling Superfish and other Komodia-type programs does not remove the root certificates, so you also need to do this: type certmgr.msc into the Windows search box, right-click on the program's name, and select “run as administrator” from the pop-up menu. Then click the action menu item and select “find certificates”. Type Superfish etc. into the search box and click the “find now” button. If you find an unwanted certificate, right-click it and select delete.
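
The certificate search described above can also be scripted. The following PowerShell is an added example, not part of the original post: it lists root certificates in the machine and current-user stores whose subject or issuer contains one of the names mentioned in this post. The search terms are assumptions taken from the post, not confirmed certificate names, so review each match before deleting it.

```powershell
# Added example: report root certificates whose subject or issuer contains
# one of the product/vendor names mentioned in this post.
# The name list is an assumption (search terms, not confirmed certificate names).
$names = @('Superfish', 'Komodia', 'PrivDog', 'Atom Security', 'Infoweise',
           'KeepMyFamilySecure', 'Kurupira', 'Lavasoft', 'Qustodio', 'Websecure')

# Build one case-insensitive pattern; escape the names so they match literally.
$pattern = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Trusted root stores for the machine and for the current user.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$hits = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                SelfSigned = ($_.Subject -eq $_.Issuer)
            }
        }
}

if ($hits) {
    # Report only: nothing is deleted by this script.
    $hits | Format-List
    Write-Warning 'Review the certificates above and delete unwanted ones in certmgr.msc.'
} else {
    Write-Output "No root certificate matched: $($names -join ', ')"
}
```

An empty result only means that none of these search terms matched; it does not replace the browser test recommended below.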

Fwiw, never download from unsafe places such as CNet’s Download.com or from Google search ads. Downloading software from such places can be really dangerous: in many cases the downloaded software can and will be contaminated with adware, spyware and/or malware.

There’s a simple way to check your machine for the presence of Superfish, Komodia, PrivDog & Co: we advise you to visit the Filippo vulnerability test page and perform the vulnerability test: https://filippo.io/Badfish/ Important: do the test with all browsers installed.

Instructions for identifying and removing a root certificate from Windows are here: http://windows.microsoft.com/en-us/windows-vista/view-or-manage-your-certificates

Finally, we know that many AV (antivirus) products will find and remove Superfish, Komodia, PrivDog and similar crap. Despite that, we still strongly advise you to perform the Filippo vulnerability test and also to check your machine for the presence of untrustworthy certificates.


March 1, 2015 | Uncategorized

Smokey’s Security & Anti-Malware Software Updates Survey Forum Entirely Revamped

I’m pleased to announce that the Security & Anti-Malware Software Updates Survey Forum on Smokey’s Security Forums has been entirely revamped. As you know, a safe surfing experience is only possible when all (security) software on your box is up to date; the Smokey’s Security & Anti-Malware Software Updates Survey Forum gives you the possibility to stay current and to avoid outdated software.

The forum has been rebuilt from scratch; all Security/Anti-Malware software is now sorted into alphabetical order and up to date. Additional features are sorting software by Category/Tag and staying current by subscribing to the Security & Anti-Malware Update Topics.

The revamped Software Updates Survey Forum was designed entirely by Smokey’s new Team Leader of that forum: Creer. He invested lots of time in the design, and I’m grateful for all his hard design work and continuous efforts to keep the forum up to date.

Like before, in case you need (of course free!) malware removal help, please don’t hesitate to visit our Malware Analysis & Removal Help and Support Forum; fully trained/graduated/qualified malware removal staff will be pleased to clean your box and remove malware.

February 12, 2012 | Uncategorized

Zango crapware is back: pushing somebody else’s popular software and bundling crap with it

Sunbelt Blog | January 29, 2010

Here’s something they don’t teach in marketing 101: If you’re pushing software that no one wants — like, say, annoying adware — and your downloads are going nowhere, what do you do?

Answer: you push somebody else’s popular software AND BUNDLE YOUR CRAP WITH IT!

Remember Zango? It was that irritating adware company that spent years and a million weasel words trying to make its operation seem legitimate. It was fined $3 million in 2006 by the U.S. Federal Trade Commission and it unsuccessfully sued anti-virus vendor Kaspersky in Federal Court in 2007 for calling the Zango malcode “malcode?” After several years of sagging revenue amidst a larger collapse of the adware industry, the company finally folded and sold its assets at fire sale prices last April.

The buyer, Pinball Publisher Network, is still distributing Zango and sadly enough it still offers users nothing of any value, which is why PPN offers Open Office, 7-Zip and Firefox bundled with it. PPN and its affiliates are simply trying to piggyback on those programs and in the process, leech from their value and good name.

Here’s what its fans get:

“Hotbar’s toolbar for IE, Outlook/Outlook Express and Word provides FREE access to premium content including weather, paid for by advertising. Based on keywords generated by your browsing, Hotbar shows ads in a separate browser window or a temporary Slider, and toolbar search suggestions. ShopperReports provides comparison shopping offers in a Sidebar. Both run continuously and update automatically. Uninstall easily via Add/Remove Programs.”

Thanks Sunbelt for informing us! My advice: stay far away from this Zango crapware; the same goes for Pinball Publisher Network. Don’t get spammed with PPN’s crap…

Informative Wikipedia article regarding the Zango crap: http://en.wikipedia.org/wiki/Zango_(company)

January 30, 2010 | Advisories, Alerts, Anti-Spyware, Malware, Recommended External Security Related Links, Toolbarware

AV-Comparatives Review DefenseWall HIPS: 100% Detection Score

Last week the recognized testing organization AV-Comparatives published a comprehensive DefenseWall HIPS test/review. The program is the most important product of SoftSphere Technologies, a company primarily active in the field of information security whose mission is to develop reliable means of protection against existing and future threats, such as viruses, spyware or rootkits.

AV-Comparatives tested the software on 100 current malware samples (adware, spyware, viruses, Trojan horses, backdoors, etc.) that were not detected by other major anti-virus products at the time of testing. All the samples were detected or executed as being untrusted or without compromising the system. Excellent test result: a protection rate of 100%!

My congratulations to SoftSphere Technologies; this result underlines again that DefenseWall HIPS is a top-notch Host Intrusion Prevention System.

Please keep in mind that the software should be regarded as a supplement to an Anti-Virus product and not as a replacement.

The full review is available in English and German.

Links:

AV-Comparatives Softsphere DefenseWall HIPS Review
SoftSphere Homepage
SoftSphere Technologies Support Forums

May 29, 2009 | Advisories, Anti-Spyware, Anti-Virus, Malware, News, Recommended External Security Related Links, Toolbarware

Safe Computing and Preventing Malware Infections

The current outbreak of the polymorphic worm Downadup, aka Conficker and Kido, and all its variants makes very clear that many users don’t act in a responsible and secure way. After all, at the moment 9 (nine) million PCs are contaminated by that worm because of a missing Microsoft Security Update for Windows (KB958644). At the same time numerous users don’t possess safe computing and surfing habits, ignore standard precautions, and haven’t the slightest idea how to prevent malware, and when they have a PC contaminated by malware they try to clean the PC by themselves or have it cleaned by self-declared “security experts”. Keep in mind that malware cleaning/removal isn’t a job for amateurs; it is a dedicated job for well-trained and fully qualified malware hunters.

Safe computing/surfing and preventing malware is a matter of education. Only well-educated users have a reasonable possibility to remain “clean”. The sole aim of me and my staff on Smokey’s Security Forums is to provide the user for free with Education, Support, Help and Advice, and, in case the PC of the user is infected by malware, to offer malware cleaning/removal by real security experts: comprehensively trained, fully qualified HJT/OTListIt2 Analysers/Malware Hunters.

Some basic rules for safe computing (related links are at the end of this post):

– Activate the automatic update function in Windows. Always accept and install all updates offered by Microsoft.
– If you don’t like automatic updates, consider using the Microsoft Baseline Security Analyzer (MBSA). MBSA is an easy-to-use free tool that helps individuals and small and medium businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Using MBSA to detect common administrative vulnerabilities and missing security updates on your computer systems will improve your security management process.
– Always install all Service Packs offered by Microsoft.
– Educate and protect yourself, e.g. by visiting my board and reading the FAQs, How-To’s and Advisories concerning Safe Computing and Preventing Malware.
– In case your PC is infected by malware, adware or any other undesired badware or nasties, visit my board to get rid of such crap. Only fully qualified HijackThis & OTListIt2 Log Analysers/Malware Hunters will take care of these infections and help you in a professional way, of course for free, to get rid of them. Note: only registered board members will receive malware removal/cleaning help; registering on my board is also free.

Update 2010-14-03: Guests allowed to post on Smokey’s for Log Analysis and Malware Removal help

Links

Smokey’s Security Forums
FAQs, How-To’s and Advisories concerning Safe Computing and Preventing Malware
HijackThis (HJT) & OTListIt2 Log Analysis and Malware Removal/Cleaning Assistance and Services
Microsoft Baseline Security Analyzer (MBSA) Frequently Asked Questions
Download Microsoft Baseline Security Analyzer

Safe computing!

Smokey’s Security Forums is Site Member ASAP

January 17, 2009 | Advisories, Anti-Spyware, Anti-Virus, Bundleware, Downloads, Friends, Phishing, Recommended External Security Related Links, Toolbarware, Uncategorized, Vulnerabilities

Avoid SpywareInfo.com: it is pushing rogue programs

Compilation of posts/warnings made by Name Game on DSLReports.com and several posts on SpywareInfoForum.info

GoDaddy just auctioned off Mike Healan’s original SpywareInfo.com, and what happened to it is what we feared would happen when we saw how high the price was getting. It appears that site is pushing rogue programs and is intended to make some quick money for the same people that Mike fought for many years… It is selling several rogue programs, including at least one that is considered to be an active infection… I strongly recommend that everyone avoid it unless your PC is quite well armored and I particularly recommend that no one buy anything through it.

Remember, Mike Healan’s spywareinfo is at http://www.spywareinfoforum.info. Change your bookmarks and shortcuts. And it will be helpful if you will post about the new address at sites you’re a member of.

December 9, 2008 | Advisories, Alerts, Downloads, Malware, News

Free Online Virus, Spyware, other Malware, Suspicious File, Security Check and System Health Scanners

As most people know, my board Smokey’s Security Forums provides Information, Support, Help and Advice concerning all security related issues. As an extra service we also have a general Hardware/Software section.

Malware removal/cleaning is just one of the many services we offer. E.g. we have a HijackThis & OTListIt2 Log Analysis/Malware Removal & Cleaning Forum (English language) and Hilfe bei Problemen mit Viren, Trojanern, Würmern, Spyware, Adware, Ransomware, Popups und sonstigen Schädlingen (German – Deutsch language), where fully qualified malware experts will help you to clean your infected PC.

We also have an Online Virus, Spyware, other Malware, Suspicious File, Security Check and System Health Scanners Forum. There you will find 24 free (partially multi-engine) online services for scanning suspicious files and/or free system scanners. Several of these online services will also remove malware and clean your PC. Feel free to use these services; however, in case of a PC contaminated by malware we strongly advise you to ask for personal help in our HijackThis & OTListIt2 Log Analysis Forum, since only qualified malware experts will be able to clean your PC in a satisfying and secure way.

Current online scan services we offer are:

– a-squared Anti-malware Free Online Scan
– Arcabit Free Online Scan
– Bitdefender Free Online Scan
– Eset NOD32 Antivirus Free Online Scan
– Ewido/AVG Malware Free Online Scan
– F-Secure Antivirus Free Online Scan
– F-Secure Free Online security updates identifier
– Jotti Virus/Malware Multi-engine Free Online Scan
– Kaspersky Antivirus Free Online Scan
– McAfee FreeScan Online Scan
– Norton Security Scan
– Panda Antivirus TruePrevent Free Online Scan
– PrevX CSI Online Adware scanner
– Secunia Free Software Inspector
– SpywareInfo Spyware/AdWare Free Online Scan
– Symantec Security Check Free Online Scan
– Tenebril Spyware Free Online Scan
– TrendMicro Antispyware Free Online Scan
– WindowSecurity.com TrojanScan Free Online Scan
– Virus Chaser Free Online Scan
– VirusChief Multi-engine Free Online Scan
– VirSCAN Virus/Malware Multi-engine Free Online Scan
– VirusTotal Virus/Malware Multi-engine Free Online Scan
– Virus.org Rogue File Multi-engine Free Online Scan

All services we offer are free, but please keep in mind that only registered board members will be able to take advantage of these services.

November 8, 2008 | Advisories, Alerts, Bundleware, Friends, Malware, News, Norton Internet Security, Recommended External Security Related Links, Vulnerabilities

Free HJT/OTL (formerly OTListIt2) Log Analyzing and Malware Cleaning Services again available on Smokey’s

After a period in which the HJT/OTL (formerly OTListIt2) Log Analyzing/Malware Cleaning Forum was closed, I am pleased to announce that from now on Smokey’s Security Forums again offers HijackThis & OTL Log Analyzing & Malware Cleaning related Support, Help and Advice.

This (free) help will only be provided by fully qualified HJT/OTL Analyzers/Malware Hunters, in order to maintain the high standards of my forums: Help and Support only by qualified people.

Update 2010-14-03: Guests allowed to post on Smokey’s for Log Analysis and Malware Removal help

April 25, 2008 | Advisories, Bundleware, Downloads, Friends, Malware, News, Recommended External Security Related Links, Vulnerabilities

The tendency of (pre-checked) toolbars

At the moment there is heavy discussion on various boards alleging that Grisoft AVG have included the Yahoo Toolbar with their new Security Suite.

It is obvious that money is all that counts for several software houses; morals aren’t available anymore. It is a shame that even well-respected security companies bundle these toolbars with their (paid) software.

March 9, 2008 | Bundleware, Friends, Recommended External Security Related Links, Toolbarware