THREAT OF THE MONTH: Komodia libraries

What is it?
Komodia Redirector and SSL Digestor libraries provide a way for software to intercept HTTPS traffic. This is a feature commonly used by various security products. However, the Komodia libraries contain a flaw, allowing an attacker to spoof the identity of a web server or disclose and manipulate HTTPS traffic through man-in-the-middle attacks.

How does it work?
The Komodia libraries do not properly validate self-signed X.509 certificates.

Should I be worried?
Third-party libraries are used to speed up the software development process and reduce cost. Unfortunately, software vendors rarely security-audit libraries before using them. A number of privacy and parental control products have been confirmed to bundle the vulnerable library.

How can I prevent it?
Some products have removed the feature or issued fixes. Apply fixes if available or delete the offending program as well as the installed root CA certificate.
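
One way to find a leftover root CA certificate after uninstalling an affected product is to compare the trusted root stores against a list taken from a clean machine. The PowerShell script below is an added example, not part of the original article; it assumes a Windows host, and the baseline file name and the `-Export` switch are hypothetical names chosen for this illustration.

```powershell
# Added example, not from the article. Assumes a Windows host and PowerShell 5.1+.
param(
    # Hypothetical file: one certificate thumbprint per line, from a clean reference build.
    [string]$BaselinePath = '.\root-baseline.txt',
    # Run once with -Export on the clean reference machine to create the baseline.
    [switch]$Export
)

# CurrentUser\Root is a merged view, so machine-wide roots appear under both paths.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

if ($Export) {
    $stores | ForEach-Object { Get-ChildItem -Path $_ } |
        Select-Object -ExpandProperty Thumbprint |
        Sort-Object -Unique |
        Set-Content -Path $BaselinePath
    Write-Output "Baseline written to $BaselinePath"
    return
}

# -notcontains compares strings case-insensitively, so thumbprint case does not matter.
$baseline = @(Get-Content -Path $BaselinePath -ErrorAction Stop |
    ForEach-Object { $_.Trim() } | Where-Object { $_ })

$unexpected = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $baseline -notcontains $_.Thumbprint } |
        Select-Object @{ Name = 'Store'; Expression = { $store } },
                      Thumbprint, Subject, NotBefore, NotAfter
}

if ($unexpected) {
    # Sort by validity start date (NotBefore), newest first, for easier review.
    $unexpected | Sort-Object NotBefore -Descending | Format-List
    Write-Warning "$(@($unexpected).Count) trusted root(s) not in the baseline. Identify the installing product before removing any."
} else {
    Write-Output 'All trusted roots match the baseline.'
}
```

Flagged entries are candidates for review rather than proof of a problem: Windows adds roots from its own trusted root program on demand, so two healthy machines can differ.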

Carsten Eiram, chief research officer, Risk Based Security