Computer maker Lenovo has come in for some major criticism in the last few days, after it was discovered that many of their laptops were bundled with a nasty piece of adware called Superfish. Superfish injects additional adverts into the "Ads By Google" panel on many of the web pages you visit, which presumably earns Lenovo some additional cash.
What's particularly worrying about this adware, however, is that it also generates fake SSL certificates on your computer to allow it to intercept encrypted web traffic. This means, for example, that if you're logged into your bank's web site to view highly confidential information, Superfish is decrypting the web page in the background in order to be able to inject adverts into it. Which is probably against just about every bit of computer crime legislation in the world.
Lenovo eventually apologised and has stopped including Superfish in its products. It has also issued a free software tool which will check for the presence of Superfish on your computer and disable it. If you run a Lenovo laptop (the company says it was never installed on desktops), it's important that you download and run the removal tool as it can pose a significant security risk.
You'll find more information from Lenovo, plus a link to the tool, at http://news.lenovo.com/article_display.cfm?article_id=1931 and the tool itself is around 6 MB to download. The program is malware-free according to VirusTotal and Web of Trust. If you'd rather remove Superfish manuallly, the page also includes details on how to do so.
We are looking for people with skills or interest in the following areas:
Comments
PRIVDOG Not sure where to post this.
Here goes - Malewarebytes Free found over 100 incidents of malware because of Privdog!
Both Chrome and Firefox were not working right. Removed privdog extensions and separate install and all seems fine.
Beware - Privdog does not really help but causes other potentially serious problems.
My Avast anti-virus did NOT identify this threat!
Sincerely, Robert
Just a concern. It seems too obvious... "how did they think they could get away with it".
Could this be a Trojan hiding something deeper? I'm getting used to corporate dishonesty, but I wouldn't have thought the attempt would be so amateurish.
Sorry for the cynicism, but I hope talented pros are looking at the restored version.
Isn't Superfish detected and removed by antimalwares like Malwarebytes?
Thank you for this. I just purchased a refurbished Lenovo laptop and I will check it for this crapware item ASAP. Again, my sincere thanks.
Regards,
BearPup
LastPass has released a Superfish check tool that shows results inmediately just using your browser. There is a useful step-by-step guide about removing superfish, too.
https://lastpass.com/superfish/
I have a Lenovo laptop but thankfully it's not infected with Superfish. However, what I hate about Lenovo is their lying and deceitfulness. At first they say...
"We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns."
Then they turn around and quietly edit it out and issue a "Severity: High" security advisory.
Don't just believe me but see for yourself on the Internet Archive Wayback Machine: http://wayback.archive.orghttp://forums.lenovo.com/t...
One last bit of news - The Department of Homeland Security has release an alert about it: https://www.us-cert.gov/ncas/alerts/TA15-051A