Monday 23 February 2015

<p> <i> 16.43 pm </i> Malicious Code from Lenovo Superfish Issue Discovered in Over 10 More Apps
SSL-hijacking code found preinstalled on several Lenovo products has been spotted elsewhere, as a report from security group Protect the Graph pointed out Friday.
According to Protect the Graph’s official Facebook page, the Trojan virus Nurjax was discovered by Symantec in December, and works by hijacking Internet browsers on vulnerable devices. The Trojan is also capable of downloading other forms of malware, the blog post continued. What makes this important is that Nurjax is one of several new software apps that make use of the anti-HTTP code from Israeli firm Komodia. At present, there are 14 apps that use Komodia, including Superfish’s adware, whose sighting triggered what has been a large-scale attempt at damage control on Lenovo’s part.
“What all these applications have in common is that they make people less secure through their use of an easily obtained root (certificate authority), they provide little information about the risks of the technology, and in some cases they are difficult to remove,” said Protect the Graph researcher Matt Richard. “Furthermore, it is likely that these intercepting SSL proxies won’t keep up with the HTTPS features in browsers (e.g., certificate pinning and forward secrecy), meaning they could potentially expose private data to network attackers.” Richard added that research detection has been “sporadic,” even though certain antivirus products can recognize these threats as malware or adware.
While Komodia hasn’t been shy about identifying itself as an “SSL hijacker,” it’s been quite easy for researchers to get to the bottom of some of its shenanigans. For example, Errata Security CEO Rob Graham recently figured out the password to many of Komodia’s certificates: the word “komodia,” spelled in lower-case. After cracking the password, Graham tried to recreate the company’s tactics, using the private key in the Komodia certificate to spoof the websites of Bank of America and Google. But even with Graham and other researchers figuring out Komodia quite easily, Superfish went ahead and prepared a statement Friday, with its CEO Adi Pinhas saying that its software shouldn’t be considered a security risk.</p> 
