Smokey's Security Weblog

veritas odium parit

[How-to] Vulnerability test Superfish, Komodia, PrivDog & similar

You have probably heard about the Lenovo debacle: many of their laptop series come preloaded with the adware/spyware Superfish (you could also just call Superfish a dirty piece of malware), which intercepts all of your secure connections and, in doing so, allows criminals to do the same. Superfish uses an “SSL hijacker” (Komodia Redirector with SSL Digestor) together with an untrustworthy Komodia root certificate. Komodia Redirector with SSL Digestor installs non-unique root CA certificates and private keys, making affected systems broadly vulnerable to HTTPS spoofing: because the same private key ships with every installation, an attacker can spoof HTTPS sites and intercept HTTPS traffic without triggering browser certificate warnings on those systems.

Many other programs do the same, because Komodia sold its malicious kit to other companies as well; some of these companies/vendors are e.g. Atom Security, Inc, Infoweise, KeepMyFamilySecure, Kurupira, Lavasoft, Qustodio and Websecure Ltd. There will be others as well.

Superfish can be removed via the standard Windows Add/Remove Programs utility: find “Superfish Inc VisualDiscovery”, tick it, and click Uninstall. Uninstalling Superfish and other Komodia-type programs does not remove the root certificates, so you also need to do the following: type certmgr.msc into the Windows search box, right-click the program's name, and select “Run as administrator” from the pop-up menu. Next, click the Action menu and select “Find Certificates”. Type Superfish (etc.) into the search box and click the “Find Now” button. If you find an unwanted certificate, right-click it and select Delete.

For what it's worth, never download from unsafe places such as CNet’s Download.com or from Google search ads; downloading software from such places can be really dangerous, and in many cases the downloaded software can and will be contaminated with adware, spyware and/or malware.

There is a simple way to check your machine for the presence of Superfish, Komodia, PrivDog & Co.: we advise you to visit the filippo vulnerability test page and run the vulnerability test: https://filippo.io/Badfish/ Important: run the test in every browser you have installed, since browsers can use different certificate stores.

Instructions for identifying and removing a root certificate in Windows are here: http://windows.microsoft.com/en-us/windows-vista/view-or-manage-your-certificates

Finally, we know that many AV (antivirus) products will find and remove Superfish, Komodia, PrivDog and similar crap, but we still strongly advise you to perform the filippo vulnerability test and to check your machine for untrustworthy certificates as well.
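As an added example (not part of the original post), the certmgr.msc search above can be scripted: this PowerShell snippet lists every certificate in the per-user and machine-wide Windows root and intermediate stores whose subject or issuer contains one of the names in question. The match terms are an assumption (only “Superfish” is named in the removal steps above); extend the list with whatever the vulnerability test or your AV reports, and treat the removal line as a template that needs a real thumbprint.

```powershell
# Added example: scan the Windows certificate stores for root/intermediate CAs
# whose subject or issuer matches Superfish, Komodia or PrivDog.
# The name list is an assumption; extend it as needed.
$suspectNames = 'Superfish', 'Komodia', 'PrivDog'
$pattern = ($suspectNames | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Both the per-user and the machine-wide stores matter: certmgr.msc only shows
# the current user's stores, while installers frequently write to LocalMachine.
$stores = 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root',
          'Cert:\CurrentUser\CA',   'Cert:\LocalMachine\CA'

$hits = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
        Select-Object @{ n = 'Store'; e = { $store } }, Subject, Issuer, Thumbprint, NotAfter
}

if ($hits) {
    $hits | Format-Table -AutoSize
    # After confirming a certificate is unwanted, remove it by thumbprint from the
    # store it was found in ('<THUMBPRINT>' and the store path are placeholders):
    # Get-ChildItem -Path 'Cert:\LocalMachine\Root' |
    #     Where-Object Thumbprint -eq '<THUMBPRINT>' | Remove-Item
} else {
    'No certificates matching Superfish/Komodia/PrivDog found in the Windows stores.'
}
```

Run it from an elevated PowerShell prompt so the LocalMachine stores are readable and removable; Firefox keeps its own certificate store, which this script does not touch, so still run the browser test there.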


March 1, 2015 | Uncategorized

DNS Exploit Means Quick Patches Are Critical: patch immediately!

IOActive’s Dan Kaminsky discovered a flaw in the Internet’s Domain Name System (DNS) software, and with the attack code leaked by developers of the Metasploit hacking toolkit, security experts are saying that everything that uses DNS — from desktop PCs to mainframes — needs to be patched immediately, or network security is at risk.

Researchers have released software that exploits the recently leaked flaw in the Internet’s Domain Name System (DNS) software. That may mean IT admins are in for a long weekend of implementing and testing the patch.
IOActive researcher Dan Kaminsky discovered the bug earlier this month. The attack code was released Wednesday by developers of the Metasploit hacking toolkit, headed by the infamous HD Moore.

By exploiting this vulnerability, an attacker can redirect an ISP’s users to a malicious phishing server every time they try to visit a legitimate Web site. The patches released through various vendors should protect from the threat, but it may be a rush for some.

Andrew Storms, director of security for nCircle, said: “everything that uses DNS needs to be patched; desktop PCs, servers, routers, switches, firewalls and mainframes, and every vendor [like] Cisco, Sun, Microsoft and Apple. Basically, this patch impacts the entire network from soup to nuts.”

Source: NEWSFACTOR.com

July 27, 2008 | Advisories, Alerts, Malware, News, Recommended External Security Related Links, Vulnerabilities

Safari for Windows Highly Critical Vulnerabilities

Juan Pablo Lopez Yacubian has discovered two highly critical vulnerabilities in Safari, which can be exploited by malicious people to conduct spoofing attacks or potentially compromise a user’s system.

The vulnerabilities are confirmed in version 3.1 for Windows. Other versions may also be affected.

Solution status: unpatched.

Source: Secunia

March 24, 2008 | Alerts, Friends, Recommended External Security Related Links