Hacktivists this week have retaliated against Komodia and Lenovo for their roles in distributing Komodia's Superfish adware that compromises all SSL communications on Lenovo's Windows laptops. Monday, Komodia's website was DDoSed. Wednesday, Lenovo's website was taken over by hacking group Lizard Squad, as the result of a DNS hijacking attack on the Malaysian registrar that hosts Lenovo.com.
According to KrebsOnSecurity, the attackers exploited the registrar, Web Commerce Communication (Webnic), via a command injection vulnerability, and uploaded a rootkit. They were then able to change the IP address associated with Lenovo.com, sending visitors instead to a page that featured a slideshow that linked to the Lizard Squad Twitter account.
By hijacking the domain name, they were also able to intercept email and spoof email accounts. Lizard Squad showed off an email they lifted that referenced continuing problems with Superfish:
Superfish removal bricks some devices? Great work Lenovo pic.twitter.com/phXiBS3KzO — Lizard Squad (@LizardCircle), February 25, 2015
It's possible that SSL certificate authority Comodo could be the next target. This week it was reported that Comodo had been shipping PrivDog, an application developed by the company's founder that commits many of the same offenses as Superfish -- and under the guise of a tool that is supposed to make Web browsing more private.
Like Superfish, PrivDog acts as a man-in-the-middle to hijack SSL communications, installs a trusted root certificate, and fails to certify legitimate SSL certificates from other sources. Some security experts have said it is even worse than Superfish.