web analytics

Lenovo Shipping Superfish Malware in PCs

Posted By

Free Malware with Lenovo Computers

lenovo header

Lenovo have released superfish removal tool. You can download it from here

The technology has the ability to analyze images and provide ads according to their recent searches.

Superfish technology is purely based on contextual/image and not behavioral. It does not profile nor monitor user behavior. It does not record user information. It does not know who the user is. Users are not tracked nor re-targeted. Every session is independent. When using Superfish for the first time, the user is presented the Terms of User and Privacy Policy, and has option not to accept these terms, i.e., Superfish is then disabled.

Superfish Malware or an Adware can in theory see users traffic and also alter it. Bigger concerns is that hackers can exploit Superfish private key and use their own certificate to spy on the users.

It’s the same root CA private-key for every computer. This means that hackers at your local cafe Wi-Fi hotspot, or the NSA eavesdropping on the internet, can use that private-key to likewise intercept all SSL [encrypted] connections from Superfish users,” said Graham. He told Forbes this amounted to “an egregious security failure”. “It’s intent is so that Superfish can ‘hack’ you, and it opens the system up to hacks by others.

It means Superfish can generate a valid (from the browser’s standpoint) encryption certificate for Facebook or Google, or any other site using HTTPS,” noted security analyst Andreas Lindh

Who is affected? And can you fix it?

At the moment, Lenovo has taken Superfish offline, it also removed Superfish from preloads of new computer system in January 2015. It appears that Superfish has been running on system for the past couple of years. At the time, company sold 113 Million PCs. So there must be millions of affected computers out there. Chrome and IE are both affected since they use Microsoft’s Window store of trusted certificates. Even though Firefox has it own certificate providers, researches found 44,000 Superfish certificates.

How can i remove it?

Uninstalling the program won’t solve your problem, well not everything anyway. Uninstalling won’t remove the certificates.

  • Go to File and Click Add/Remove.
  • Choose Certificates, click Add.
  • Choose Computer Account, click Next
  • Choose Local Computer, click Finish
  • Click OK
  • Look under Trusted Root Certification Authorities -> Certificates
  • Find the one issued to Superfish and delete it

If you want a visual tutorial, follow this Youtube video

Author: Shivniel Gounder

TheGeek : Writes about information security, privacy, cybersecurity and latest tech gadgets and more.

Share This Post On

Submit a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: