PrivDog software is "substantially more scary" than Superfish

Adware with a bigger flaw than Superfish has been detailed.

Software named PrivDog will intercept every certificate and replace it with one signed by its root key, according to research, and that includes certificates that weren’t valid in the first place. “It will turn your browser into one that just accepts every HTTPS certificate out there, whether it’s been signed by a certificate authority or not,” researcher Hanno Böck said.

In addition, it directs to a webpage that has a self-signed certificate and adds another self-signed certificate with 512-bit RSA built into the root certificate store of Windows. All other certificates are replaced by 1024-bit RSA certificates signed by a locally created PrivDog certificate authority.

Currently, PrivDog is shipped with products produced by Comodo. Bromium co-founder and CTO, Simon Crosby, said: “PrivDog is in every sense as malicious as Superfish. It intercepts and decrypts supposedly secure communication between the browser and a remote site (such as the user’s bank), ostensibly to insert its own advertising into pages in the browser.

“It is substantially more scary though because PrivDog effectively turns your browser into one that just accepts every HTTPS certificate out there without checking its validity, increasing vulnerability to phishing attacks, for example.”

Mark James, security specialist at ESET, recommended uninstalling the stand-alone version of PrivDog or the Lavasoft Ad-aware web companion, making sure you remove the associated root certificates as soon as possible.

“The stand-alone version of PrivDog, when installed, recreates a key/cert on each installation. It will intercept every certificate it finds and then replace it with one signed by its root key; this enables it to replace adverts in web pages with its own ads from ‘Trusted Sources’,” he said.

“The implications are massive. One of the biggest problems here is the fact that it will replace certificates with a valid certificate even if the original cert was not valid for any reason. This means it essentially makes your browser accept every HTTPS certificate regardless if it’s been signed by a certificate authority or not.

“By comparison, the Superfish ‘man-in-the-middle’ process at least requires the name of the targeted website to be inserted into the certificate's alternate name field. Although Superfish allows the possibility of massive exploitation, with this flaw it is still marginally better than what PrivDog is doing.”
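
One way to check a Windows machine for the kind of root certificates described above, as an added example that is not from the original article or from any vendor. The script flags root-store entries that have an RSA key below 2048 bits, a name containing "PrivDog", or a private key stored on the machine; the threshold, the name pattern and the private-key heuristic are assumptions, and the script only reads the stores.

```powershell
# Added example: read-only audit of the Windows root certificate stores.
$minRsaBits  = 2048        # assumption: treat RSA roots below this size as weak
$namePattern = 'PrivDog'   # assumption: the locally created CA carries the product name

function Test-RootCertificate {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$Store
    )
    $reasons = @()

    # GetRSAPublicKey returns $null for non-RSA (for example ECDSA) certificates.
    $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Cert)
    $bits = if ($rsa) { $rsa.KeySize } else { $null }

    if ($bits -and $bits -lt $minRsaBits) { $reasons += "RSA key is only $bits bits" }
    if ($Cert.Subject -match $namePattern -or $Cert.Issuer -match $namePattern) {
        $reasons += "name matches '$namePattern'"
    }
    # Heuristic: a trusted root whose private key sits on this machine was
    # probably generated locally, as an interception CA would be.
    if ($Cert.HasPrivateKey) { $reasons += 'private key present on this machine' }

    if ($reasons.Count -eq 0) { return }
    [pscustomobject]@{
        Store      = $Store
        Subject    = $Cert.Subject
        RsaBits    = $bits
        NotAfter   = $Cert.NotAfter
        Thumbprint = $Cert.Thumbprint
        Reasons    = $reasons -join '; '
    }
}

# Check both the machine-wide and the per-user trusted root stores.
$findings = foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
    Get-ChildItem -Path $store |
        ForEach-Object { Test-RootCertificate -Cert $_ -Store $store }
}

$findings | Sort-Object RsaBits | Format-List
```

Review each finding by thumbprint before removing anything, since the private-key heuristic can also match certificates installed by development tools.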

The post Researcher warn on PrivDog software as “more scary” than Superfish appeared first on IT Security Guru.