Virtace's mandate is to enable our clients to work different

Contact us to find out how we can enable your organization to effectively use IT to improve how your business performs.


IMPORTANT: If you own a Lenovo PC, please read about the Superfish security threat.

Posted on: February 25th, 2015 by Administrator No Comments

Superfish Malware Found 

on Lenovo Laptops.12b2f98c-3735-4663-83f8-e6df5bf4c80e

PC maker, Lenovo recently announced that select non-Thinkpad series Lenovo PCs shipped after September 2014 included a pre-installed software called Superfish Visual Discovery, which have been found to be potentially a grave security threat.

The Superfish Visual Discovery software causes a security breach that is very much similar to a malware. It has been recently found to replace existing secure website certificates with its own, having previously installed a trusted root certificate in the computer’s secure store, in order to insert advertising into even secure (https) web sites. This means that when you go to a secure website and check the certificate, it will be signed by Superfish Inc., not the correct company. Therefore anyone using an affected Lenovo laptop is highly vulnerable to having their credit card and banking information easily decrypted and stolen. Also, a third party could falsely sign a fake website with this certificate, which would show up as correct on an affected machine, allowing easy phishing attacks.

There are a series of tools that have since been provided by Lenovo to fix this problem.

For assistance in resolving this issue, please contact Virtace Inc.
at info@virtace.com or 1-877-628-1011 Ext. 2.

Read more:

Excerpt from an official announcement from Lenovo regarding Superfish.

http://thehackernews.com/2015/02/superfish-malware-removing-tool.html

http://www.computer-answers.ca/2015/computer-questions/superfish-malware-installed-on-new-machines-exposes-https-browsing/

http://www.businessinsider.com/lots-of-other-pcs-have-superfish-risk-2015-2#ixzz3SbjFxOE

Summary 

info@virtace.com

5c95d2e0-1b38-4496-aacc-c6ed11892202  008b296f-d28f-49fd-bbc0-9e4125692b02

Background Information

LENOVO OFFICAL STATEMENT ON SUPERFISH

As you may have heard, select Lenovo consumer notebooks shipped after September 2014 included Superfish Visual Discovery software as a shopping aid to customers. Superfish is a TrustE certified third-party software vendor, with offices in Palo Alto, CA.
User feedback on the software was not positive and we received some reports of security concerns.

Please note that Lenovo has NOT loaded this software on any ThinkPad notebooks, nor any desktops, tablets, workstations, servers or smartphones. The only impacted models are the following consumer notebook series: Z-series, Y-Series, U-Series, G-Series, S-Series, Flex-Series, Yoga, Miix and E-Series. If you use any of these Lenovo consumer models in your enterprise, please refer to the Customer Support information below.
While this software does not impact the models typically used by businesses, we wanted to let you know that we take user feedback seriously at Lenovo. We know that millions of people rely on our devices every day, and it is our responsibility to deliver quality, reliability, innovation and security to each and every customer. We make every effort to provide a great user experience for our customers.

We recognize that the Superfish software has caused concern. Lenovo has taken steps to address that concern.

  • Superfish has completely disabled server side interactions (since January) on all Lenovo products so that the software is no longer active
  • Lenovo has stopped preloading the software and will not preload this software again in the future.
  • Lenovo has provided instructions for uninstalling this software and will soon provide a software removal patch.

Leave a Reply