THREAT OF THE MONTH: Komodia libraries
Komodia Redirector and SSL Digestor libraries provide a way for software to intercept HTTPS traffic. This is a feature commonly used by various security products. However, the Komodia libraries contain a flaw that allows an attacker to spoof the identity of a web server or disclose and manipulate HTTPS traffic through man-in-the-middle attacks.
How does it work?
The Komodia libraries do not properly validate self-signed X.509 certificates.
Should I be worried?
Third-party libraries are used to speed up the software development process and reduce cost. Unfortunately, software vendors rarely security-audit libraries before using them. A number of privacy and parental control products have been confirmed to bundle the vulnerable library.
How can I prevent it?
Some products have removed the feature or issued fixes. Apply fixes if available or delete the offending program as well as the installed root CA certificate.
– Carsten Eiram, chief research officer, Risk Based Security
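One way to check for a leftover root CA certificate after removing an affected program, as an added example that is not part of the original article or any vendor's tooling. It assumes a Windows host; the function name `Find-SuspectRootCA` is hypothetical and the name patterns are placeholders to be replaced with the certificate names given in the affected product's advisory.

```powershell
# Added example: audit the Windows trusted-root stores for a leftover interception CA.
# $NamePattern defaults are placeholders (assumption); use the certificate names
# published in the advisory for the affected product.
function Find-SuspectRootCA {
    [CmdletBinding()]
    param(
        [string[]]$NamePattern = @('Komodia', '<PRODUCT-OR-VENDOR-NAME>'),
        # Machine store first, so per-user repeats of the same root can be skipped.
        [string[]]$Store = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )
    $seen = New-Object 'System.Collections.Generic.HashSet[string]'
    foreach ($path in $Store) {
        foreach ($cert in Get-ChildItem -Path $path) {
            # A root CA is self-signed: subject and issuer carry the same name.
            if ($cert.Subject -ne $cert.Issuer) { continue }
            # Literal, case-insensitive substring match against each pattern.
            $hit = $NamePattern | Where-Object {
                $cert.Subject.IndexOf($_, [StringComparison]::OrdinalIgnoreCase) -ge 0
            }
            if (-not $hit) { continue }
            # The per-user view can repeat machine-wide roots; report each once.
            if (-not $seen.Add($cert.Thumbprint)) { continue }
            [pscustomobject]@{
                Store      = $path
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                NotBefore  = $cert.NotBefore
                NotAfter   = $cert.NotAfter
                PSPath     = $cert.PSPath
            }
        }
    }
}

# Review the findings first; this call changes nothing.
$found = @(Find-SuspectRootCA)
$found | Format-Table Store, Subject, Thumbprint, NotAfter -AutoSize

# Dry run of the removal. Drop -WhatIf only after confirming that each thumbprint
# belongs to the removed product and not to a legitimate CA.
$found | ForEach-Object { Remove-Item -Path $_.PSPath -WhatIf }
```

Run it from an elevated prompt so the machine-wide store can be modified once `-WhatIf` is dropped. Applications that keep their own trust store, such as Firefox, are not covered by this check.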