Difference between revisions of "DBSA:2015-0003"
Latest revision as of 14:42, 31 May 2015
Disclaimer: As technology changes, advisories may become out of date or may no longer be relevant. Please refer to the "Date" section of the header to be sure the advisory is recent as it pertains to your situation.
Digibase Security Advisory - Hola VPN Considered Malicious
Keywords: Hola, VPN, malicious, network, connectivity, botnet, malware
DBSA ID: 2015-0003
Regarding: Hola VPN Considered Malicious
Writeup: Kradorex Xeron (talk) 15:22, 31 May 2015 (EDT)
Date: 2015 05 31
Last Modified: 20150531144237 by Kradorex Xeron
Who should take note: Everyone (especially all Hola VPN users and prospective users)
Classification
Priority: HIGH
Rationale: Users need to act to protect their computer systems.
Severity: HIGH
Rationale: Users may be subject to illegal activities being conducted over their Internet connection.
Spread of Issue: MULTI-PLATFORM HIGH
Rationale: The service website is claiming "47 million" users, thus it is estimated that that number of users is affected by this advisory.
Description
Hola is a VPN (Virtual Private Network) service that claims to give users the ability to connect to and access geographically locked services, and further claims to enhance privacy. The service operates on a peer-to-peer (P2P) model, establishing a mesh network between users in which third parties may use a user's Internet connection to gain access into countries where content is accessible.
It has been identified that users of the free version are unable to opt out of contributing their connections, potentially to illegal activities, without paying for the premium version. More critically, it has also been identified that the software has multiple exploits and bad security implementations that may result in the network being used like a botnet, where malicious parties can directly run software, including malicious code, on users' machines with the credentials of the operating system itself. This has the potential for 1) malware to be installed in a way that denies access to the administrative user, who may then be unable to remove that software without advanced techniques, and 2) private user data to be copied and transmitted to malicious parties.
The vendor has attempted to subvert online scanners that inform individuals whether they are vulnerable, but has failed to address the vulnerabilities themselves.
Mitigation/Solution
It is strongly advised to immediately cease using Hola, to uninstall the Hola programs and any browser extensions or related components, to scan with anti-malware/anti-virus software after uninstallation, and to monitor one's system for undesired operation. Optionally, it may be advisable to use software such as Revo Uninstaller (http://www.revouninstaller.com/revo_uninstaller_free_download.html) to conduct the uninstallation and to monitor for leftovers.