
You Just Can’t Trust a Trojan VPN

2012-12-01


[Image: Privitize icon]

For at least the past month, someone has been playing dirty tricks on people downloading pirated commercial software: Instead of getting the five-finger discount, the software pirates are getting something they didn’t expect — a VPN software client that calls itself Privitize. The installer for this highly suspicious software was named after lots of different pirated TV shows, movies, utility and game software, and music.

VPNs are amazing tools for privacy and data security. Typically, individuals use VPNs to create a secure, encrypted private tunnel between their location and a corporate network, through which they can send and receive sensitive data without concern that the data might be intercepted en route. Businesses, for example, operate VPNs so remote workers can connect to file shares and other private resources, or to route their regular Internet traffic through the company network and avoid “man in the middle” surveillance.

But sometimes using a VPN makes you less secure. How? In this case, the VPN pushes all the Internet traffic on a victim’s computer through an encrypted tunnel that terminates in a datacenter physically located in Stockholm, Sweden. While the VPN may protect the data until it arrives in Stockholm, once it arrives at the datacenter, someone could simply sniff the “out” port of whatever VPN device receives the data.

In essence, it routes absolutely everything directly through a network that is inherently untrustworthy: After all, the company distributing these VPN client installers lied to you about the nature of the installers. Would you really trust a company that would do that to protect other, considerably more sensitive data they might be able to access?

[Image: detail of the installer’s digital signature properties]

The Privitize installer executable is a 1067KB NSIS installer using the standard NSIS icon (it kind of looks like a CD). The installer itself carries a valid Comodo digital signature, but the company name listed in the file properties (OOO “Industry”) seems a little dodgy.

[Image: sample installer file names]

The domain listed in the digital signature properties (ooo-industry.ru) was only registered a few months ago, in July, and is hosted on a free Web site hosting service called host1free.com. It doesn’t exactly scream trustworthy.
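The two file-level checks described above (is it an NSIS installer, and does it carry an Authenticode signature, and if so under what organization name) can be scripted for triage. The script below is an added illustration, not code from the original post or from Privitize: it walks the PE headers to the security data directory, pulls out the embedded WIN_CERTIFICATE blob, and does a crude scan of the DER for organizationName attributes so the signer name can be eyeballed the way the post does. The sample image it builds is constructed in code (a minimal PE32 shell with an NSIS marker and a fake certificate table), not the real installer; the signer name in it is a placeholder. Note that finding a certificate table only tells you the file is signed, not that the signature verifies or that the signer is who they claim to be.

```python
import struct

# NSIS writes this "firstheader" magic into every installer it produces.
NSIS_MARKER = b"\xef\xbe\xad\xdeNullsoftInst"
# DER encoding of OID 2.5.4.10 (X.509 organizationName).
OID_ORGANIZATION_NAME = b"\x06\x03\x55\x04\x0a"
# ASN.1 string tags that may follow it: UTF8, Printable, T61, IA5, BMP.
DER_STRING_TAGS = {0x0C, 0x13, 0x14, 0x16, 0x1E}


def certificate_table(data: bytes):
    """Return (file_offset, size) of the Authenticode certificate table, or None.
    For IMAGE_DIRECTORY_ENTRY_SECURITY the 'VirtualAddress' field is a raw
    file offset, not an RVA, so no section mapping is needed."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image (missing MZ header)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image (missing PE signature)")
    opt = e_lfanew + 4 + 20                      # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = 96 if magic == 0x10B else 112         # data-directory offset: PE32 vs PE32+
    num_dirs = struct.unpack_from("<I", data, opt + dirs - 4)[0]
    if num_dirs < 5:                             # entry 4 is the security directory
        return None
    off, size = struct.unpack_from("<II", data, opt + dirs + 4 * 8)
    return (off, size) if off and size else None


def organization_names(der: bytes) -> list:
    """Heuristic: collect strings that directly follow an organizationName OID.
    Handles short-form DER lengths only (< 128 bytes), enough for O= values."""
    names = []
    pos = der.find(OID_ORGANIZATION_NAME)
    while pos != -1:
        i = pos + len(OID_ORGANIZATION_NAME)
        if i + 2 <= len(der) and der[i] in DER_STRING_TAGS and der[i + 1] < 0x80:
            raw = der[i + 2:i + 2 + der[i + 1]]
            text = raw.decode("utf-16-be", "replace") if der[i] == 0x1E else raw.decode("utf-8", "replace")
            if text not in names:
                names.append(text)
        pos = der.find(OID_ORGANIZATION_NAME, pos + 1)
    return names


def triage_installer(data: bytes) -> dict:
    """Report NSIS marker, presence of a certificate table and signer org names."""
    result = {"is_nsis": NSIS_MARKER in data, "has_certificate_table": False,
              "certificate_type": None, "organization_names": []}
    table = certificate_table(data)
    if table is None:
        return result
    off, _size = table
    length, _revision, cert_type = struct.unpack_from("<IHH", data, off)  # WIN_CERTIFICATE header
    der = data[off + 8:off + length]              # bCertificate: the PKCS#7 SignedData blob
    result.update(has_certificate_table=True, certificate_type=cert_type,
                  organization_names=organization_names(der))
    return result


def build_sample_installer(signed: bool = True) -> bytes:
    """Constructed test image: minimal PE32 headers, an NSIS marker, and (optionally)
    a WIN_CERTIFICATE whose DER payload holds one placeholder organizationName."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew -> PE signature at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)  # i386, SizeOfOptionalHeader=224
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                        # NumberOfRvaAndSizes
    body = NSIS_MARKER + b"\0" * 16
    cert_offset = len(dos) + 4 + len(coff) + len(opt) + len(body)
    org = b"Sample Signer LLC"                                 # placeholder signer name
    cert_der = OID_ORGANIZATION_NAME + b"\x0c" + bytes([len(org)]) + org
    win_cert = struct.pack("<IHH", 8 + len(cert_der), 0x0200, 0x0002) + cert_der
    if signed:
        struct.pack_into("<II", opt, 128, cert_offset, len(win_cert))  # security directory
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + body + (win_cert if signed else b"")


if __name__ == "__main__":
    for flag in (True, False):
        print(triage_installer(build_sample_installer(signed=flag)))
```

Run it against a real file with `triage_installer(open(path, "rb").read())`; a result of `has_certificate_table: True` with an unfamiliar organization name is exactly the situation the post describes, and the next step is to check that name and its domain rather than to trust the signature.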

[Image: detail of the Privitize site’s About page]

Privitize itself has a Web site, but it looks like a fly-by-night job. Its Web presence on privitize.com explains that the product provides free VPN services with unlimited bandwidth, and promises that your Web traffic will be “secured and anonymouse.” Well, that’s certainly an interesting promise.

In fact, when I took a look at the Web site, I couldn’t find any information about the company (other than its name, Industriya LLC), its officers, or even its business address. Interestingly, for a business with two domains registered in Russia, to people with Russian-sounding names at addresses in Moscow, the entire site contents are in English. The Privitize.com IP address reverse-lookup pointer references another weird domain name hosted in the same IP address space: d-book.tv.

[Image: Privitize contact form]

The contact form actually had me laughing because it is simply a Web form headed with the text “Hey I just met you. And this is crazy, but here’s my email. So write me maybe?” It’s funny not only because this is a slight alteration to the chorus of the Carly Rae Jepsen song Call Me Maybe, but also because I’ve been getting spammed for months with “Russian girls looking for dates” email whose messages paraphrase, if not precisely mimic the wording of, this sentiment. How about no? Does no work for you?

[Image: the contact form’s “Reason” dropdown, offering General and Abuse]

Also amusingly, the only two options in the “Reason” (for contacting Privitize) dropdown menu are given as General and Abuse.

[Image: reg.ru WHOIS record for ooo-industry.ru]

The domain registration for ooo-industry.ru gives little information beyond the date, but Privitize.com (registered on September 5th) delivers a street address.

[Image: Google Street View of the address in the WHOIS record]

The WHOIS record address points to a real, physical building in Moscow. Google thinks that, among the companies at the address, there’s a company intriguingly named Universal Security occupying the second floor. Other businesses in the same building include other mining companies, and a Swiss bank branch, which might explain the uniformed guards wearing a gormless expression in the Street View picture of the building.

[Image: other companies listed at this address]

The real Industriya LLC, according to Bloomberg, is a gold mining company based in Karelia, a part of northern Russia bordering Finland. I’m going to go out on a limb and make a wild guess: Industriya isn’t a company whose business is interested (or involved) in providing free, unlimited VPN services to the world.

Given all the really strange circumstances surrounding the way this file was distributed, the sketchy company details, the financially impractical business model of a free VPN service with no strings attached (yeah, right), and the fact that the software bundled an adware installer along with its own installer, the safe bet would be — aside from avoiding downloading pirated software — to give Privitize a wide berth.
