Superfish was a malware attack that many Lenovo laptop owners were well aware of: they were getting pop-up ads, and their information could have been targeted. Recently, Lenovo released a statement saying it was going to disable Superfish and gave users instructions on how to remove it on their side. However, it seems that this kind of attack is not finished.
Many people are reporting another man-in-the-middle program that they were not aware was on their computers. This software is PrivDog, which has been tied to security company Comodo.
This application is touted as a way for a person to still see ads that could be of interest to them, while PrivDog blocks destructive ads before they can be seen. Often the destructive ad is dropped and PrivDog inserts an ad that the person may be more interested in. It is touted as the safe way for consumers, advertisers and security professionals to all be happy with what ads are being seen.
After reading what PrivDog is about, many people think it seems like a great solution. However, the way in which PrivDog intercepts these ads makes many people wonder what else the software could be getting hold of.
When a website uses HTTPS encryption, PrivDog relies on its own root certificate on your system to become the man in the middle. You then go to a website while PrivDog runs in the background, manipulating the traffic. This in itself is not the issue, as many security programs protect you in the same way. The issue is that the certificates the program receives from websites are not validated at all.
The CTO of Imperva, a security firm, compared Superfish and PrivDog, stating:
“Superfish’s mistake was using the same root certificate across all deployments. PrivDog’s mistake is not validating certificates at all.”
Since the software is not inspecting or validating certificates, it ultimately takes control of everything. Even certificates that were fine to use are replaced with what PrivDog wants to use. It also raises the issue that, since PrivDog is acting as the man in the middle, there is nothing to keep a hacker from intercepting the connection with PrivDog and getting information about you in that manner. In all respects, PrivDog is an accident waiting to happen.
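The difference between an interceptor that validates the site's certificate and one that does not can be shown with Python's standard `ssl` module. This is an added example, not code from PrivDog, Comodo or the original article; the helper names and mode strings are hypothetical, and `browser_outcome` is a simplified model rather than a real handshake.

```python
import ssl

def upstream_context(mode: str) -> ssl.SSLContext:
    """TLS settings for the interceptor's own connection to the real site."""
    ctx = ssl.create_default_context()  # default: verify chain and hostname
    if mode == "no-validation":         # the failure described in the article
        ctx.check_hostname = False      # must be cleared before CERT_NONE is set
        ctx.verify_mode = ssl.CERT_NONE
    elif mode == "chain-only":          # chain verified, but for any hostname
        ctx.check_hostname = False
    return ctx

def audit_upstream(ctx: ssl.SSLContext) -> list:
    """Return the validation gaps in an interceptor's upstream TLS settings."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("upstream chain is not verified")
    if not ctx.check_hostname:
        findings.append("upstream hostname is not checked")
    return findings

def browser_outcome(ctx: ssl.SSLContext, chain_ok: bool, name_ok: bool) -> str:
    """Model of what the user sees for a given upstream certificate.

    The interceptor re-signs every site under its locally trusted root, so
    the browser's own check always passes. The only real check left is the
    one the interceptor performs (or skips) on the upstream connection.
    """
    if ctx.verify_mode == ssl.CERT_REQUIRED and not chain_ok:
        return "error shown"
    if ctx.check_hostname and not name_ok:
        return "error shown"
    return "padlock shown"

if __name__ == "__main__":
    for mode in ("validate", "chain-only", "no-validation"):
        ctx = upstream_context(mode)
        # Constructed case: the site presents an untrusted certificate
        # issued for a different name.
        print(mode, audit_upstream(ctx), browser_outcome(ctx, False, False))
```

Only the fully validating configuration passes the audit with no findings, and it is the only one where a bad upstream certificate still produces a browser error.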
According to an ESET security specialist:
“By comparison, the Superfish ‘man-in-the-middle’ process at least requires the name of the targeted website to be inserted into the certificate’s alternate name field. Although Superfish allows the possibility of massive exploitation with this flaw, it is still marginally better than what PrivDog is doing.”
It seems that PrivDog was bundled with several Comodo security products. However, the version causing all the trouble is PrivDog Version 3, in particular versions 184.108.40.206 and 220.127.116.11, both of which the company has stated it has removed.
According to Comodo, it is aware of 54,568 users around the globe who have the potential to be infected because they are running these versions of PrivDog. Those who have the infected version will have a patch applied to the software so that they can continue to use it with no problems, or they can go to the company website and download the latest 18.104.22.168 version.