Superfish Malware Found
PC maker Lenovo recently announced that select non-ThinkPad Lenovo PCs shipped after September 2014 included pre-installed software called Superfish Visual Discovery, which has been found to be a potentially grave security threat.
The Superfish Visual Discovery software creates a security exposure very similar to that of malware. It has recently been found to replace the certificates of secure websites with its own, having previously installed a trusted root certificate in the computer’s secure store, in order to insert advertising into even secure (https) websites. This means that when you go to a secure website and check the certificate, it will be signed by Superfish Inc., not the correct company. Therefore anyone using an affected Lenovo laptop is highly vulnerable to having their credit card and banking information easily decrypted and stolen. Also, a third party could falsely sign a fake website with this certificate, which would show up as correct on an affected machine, allowing easy phishing attacks.
Lenovo has since provided a series of tools to fix this problem.
For assistance in resolving this issue, please contact Virtace Inc. at email@example.com or 1-877-628-1011 Ext. 2.
LENOVO OFFICIAL STATEMENT ON SUPERFISH
As you may have heard, select Lenovo consumer notebooks shipped after September 2014 included Superfish Visual Discovery software as a shopping aid to customers. Superfish is a TrustE certified third-party software vendor, with offices in Palo Alto, CA.
User feedback on the software was not positive and we received some reports of security concerns.
Please note that Lenovo has NOT loaded this software on any ThinkPad notebooks, nor any desktops, tablets, workstations, servers or smartphones. The only impacted models are the following consumer notebook series: Z-series, Y-Series, U-Series, G-Series, S-Series, Flex-Series, Yoga, Miix and E-Series. If you use any of these Lenovo consumer models in your enterprise, please refer to the Customer Support information below.
While this software does not impact the models typically used by businesses, we wanted to let you know that we take user feedback seriously at Lenovo. We know that millions of people rely on our devices every day, and it is our responsibility to deliver quality, reliability, innovation and security to each and every customer. We make every effort to provide a great user experience for our customers.
We recognize that the Superfish software has caused concern. Lenovo has taken steps to address that concern.
- Superfish has completely disabled server side interactions (since January) on all Lenovo products so that the software is no longer active.
- Lenovo has stopped preloading the software and will not preload this software again in the future.
- Lenovo has provided instructions for uninstalling this software and will soon provide a software removal patch.