ALERT! Superfish Contaminates Lenovo ALERT!

Published On February 21, 2015 | By Tom Huskerson | Alerts

 

CompanyLogos_Lenovo%20LogoThe holiday season has passed and of course many African-Americans got cool new techno-gadgets for Christmas, If you purchased a Lenovo computer it’s time to pay attention.

Lenovo, the world’s largest computer maker, has been selling computers  with an adware/malware known as Superfish. Superfish is the name of a marketing company that produces software called Visual Discovery along with other products.This adware allows ads to be placed in front of the user based on the images they are looking at.

This function involves analyzing images that appear on your computer screen. It matches these pictures against a giant database of images in the cloud. It then places similar images on your computer screen.

For example, if you’re looking at an ad for a new digital camera, Superfish, going by the example in its database, presents matching cameras.

superfish_416x416The Superfish software on your new Lenovo laptop monitors which websites you visit, what you are looking at and searches for related sites. All this based on images instead of the old-fashioned keyword search we are used to.

Sounds good so far right? You probably have no objection to greater choice in shopping or cheaper prices.  But that is if you are aware that Visual Discovery was installed on your computer in the first place. And of course assuming that the software works in a way that doesn’t put your online privacy and security at risk. Sadly many people who purchased these Lenovo computers had no idea this was happening. That is why Lenovo is catching hell and you could be vulnerable.

We like to keep it simple at the AACR so lets tell it like it is. This software opens you up for what hackers call a classic man-in-the-middle attack. See Visual Discovery doesn’t just work inside your browser to see what you are looking at. This adware/malware contains a proxy. This component intercepts network traffic outside your browser so it can keep track of what you are doing, like online banking, user names and passwords. Starting to get the picture? Its an open door to hackers! I don’t think I need to go any further than that.

According to Lenovo the company only installed Superfish on consumer laptops between September and December last year. During the holiday shopping season! Do think that was an accident? Really?

Chrome and Internet Explorer browsers are affected because they use Microsoft’s Windows store of trusted certificates. If you use the Firefox browser the Electronic Frontier Foundation found as many as 44,000 Superfish certificates were run by users of Mozilla’s browser.

How do you know if your computer is infected?  Check Windows’ list of trusted certificates. Go to Control Panel and search for “certificates”.  A list of Administrative Tools will come up. Select the “manage computer certificates” option. Click on the “Trusted Root Certification Authorities” option and then “Certificates”. If you see one with Superfish Inc. attached to it then consider yourself officially infected.

This is the nasty part. Even if you do find it, uninstalling the program does not solve the problem since it does not remove the certificate. So if you believe that Superfish is floating around inside your computer back up your data and update it to a new operating system; a new more secure OS. This is probably going to cost you some money but you can get that back and then some by joining the class action lawsuit.

Lenovo will no longer be using Superfish adware in its devices and will help customers remove the malware from their computers as quickly as possible. Lenovo also issued the following statement via Twitter: “We’re sorry. We messed up. We’re owning it. And we’re making sure it never happens again.” Lenovo also issued detailed instructions for removing the adware/malware as well as how to determine if the troublesome Superfish digital certificate is installed, and how to remove it. You can also find a published list of all machines on which Superfish was installed. You may want to check your machine.

 

 

 

Like this Article? Share it!

About The Author

Tom Huskerson Bio Born in Richmond Virginia Tom Huskerson is a military veteran who settled in California after his discharge. Tom attended Santa Barbara City College where he began his writing career as a campus reporter. He worked as an intern news reporter for the Santa Barbara News-Press writing feature stories before moving on to San Francisco. At San Francisco State University Tom studied broadcast communications and began to focus on the Internet. He completed his graduate thesis on Internet advertising. Tom was the first student to ever focus on the Internet as a graduate student at San Francisco State University. After graduation he went to work for Zona Research in California’s Silicone Valley. As a research associate Tom supported senior analyst writing on the latest developments in the Internet industry. During the dot com boom Tom worked for several web businesses as a market researcher and analyst. As a writer and researcher Tom has authored various technical works including a training program for Charles Schwab security. Other projects included professional presentations on workplace violence and hiring security contractors. Tom has also written both fiction and non-fiction works and blogging for a travel website. He has published two books of short stories and completed two novels. Tom is the owner of Scribe of Life Literature and EbonyCandle.com. Tom is not the chief editor for the OnTechStreet. com. A news and information blog that focuses on tech news for African-Americans. The blog is the result of his desire to inform the African American community of the dangers and benefits of the cyber age. In his blog Tom reports on information security, new and analysis, scams and hoaxes, legal happenings and various topics that arise from the age of information. Tom believes that technology is a necessary tool for black people and they should know what is happening. Tom writes believing that techno speak is for the professional and that valuable information can be communicated using plain language. As a result he has embraced the motto, Less Tech, More Knowledge.

Comments are closed.