Yeah, they even have a page specifically geared toward people who want to use it for ad injection:

http://www.komodia.com/ad-injection-sdk/

Edit: spelling

That page is scary reading. They’re actively selling their product as resistant to AV software and warning that it might be targeted by Google/Microsoft in the future.

Yep, I was just thinking the same thing. Pretty horrifying to read "The SDK has anti virus capabilities and each compiled version generates a totally new version" and realize that a major PC OEM knowingly installed this on new systems. It's malware in every sense of the word.

No honor among criminals. They also:

   Actively remove global proxy injected JS by
   either removing the JS from HTML or blocking
   the requests to the ad server.

So if someone else injects JS, they remove it before injecting their own.

Technically they're saying that their competitors might be targeted by Google/Microsoft. But yes, it's messed up that a company is openly advertising their malware product like this.

Wow, how is this even legal to advertise?

"... allows you to get/modify/inject all SSL traffic decrypted and without any warning messages to the user."

Sadly it allows anyone, not just "you" to modify SSL/TLS traffic since the Superfish MitM proxy is validating any cert. I have a screenshot here: http://defaultstore.com/four.png of it validating my transparent network MitM proxy provided cert and showing the lock in the address bar.

>Site is offline due to DDOS with the recent media attention.

Interestingly that site got DDOS'd.

There is even a Facebook 'like' button at the bottom.

Do they sell in USA? Are their products even legal??

SSL interceptors are typically marketed for corporate use, where the company installs a Root CA certificate into it's employee's computers (the company owns the computers after all). Nothing illegal about a company modifying a computer they own and/or monitoring traffic on their own network.