Lenovo caught installing adware on new computers


SweX


It looks like Lenovo has been installing adware onto new consumer computers from the company that activates when taken out of the box for the first time.

 

The adware, named Superfish, is reportedly installed on a number of Lenovo’s consumer laptops out of the box. The software injects third-party ads on Google searches and websites without the user’s permission.

 

Superfish appears to affect Internet Explorer and Google Chrome on these Lenovo computers.

 

A Lenovo community administrator, Mark Hopkins, wrote in late January that the software would be temporarily removed from current systems after irate users complained of popups and other unwanted behavior:

 

We have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues. As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues.

 

Hopkins defended the adware, saying that it “helps users find and discover products visually” and “instantly analyzes images on the web and presents identical and similar product offers that may have lower prices.”

 

hxxp://thenextweb.com/insider/2015/02/19/lenovo-caught-installing-adware-new-computers/

Edited by SweX

 

Hopkins defended the adware, saying that it “helps users find and discover products visually” and “instantly analyzes images on the web and presents identical and similar product offers that may have lower prices.”

  :wacko::blink: Yeah-right.

 


That's really now "nice" of them - not only because it's PUA, but because of this root certificate it's also a security risk for all of their users with this "software"...

Lenovo Is Breaking HTTPS Security on its Recent Laptops | EFF

 

And to answer a post by @Aryeh Goretsky (yeah, I was also very surprised that he is in the Lenovo forum):

 

Hello,

 

Some anti-malware programs use a similar technique, I believe, in order to decrypt and scan encrypted communications for malware.

 

Regards,

 

Aryeh Goretsky

 

He believes... :rolleyes:

He knows this of course... :D

 

But the important difference between the root cert from "Superfish" and AV software like ESET is the following:

  • Lenovo used the same private key for every installation of Superfish, so an attacker is able to decrypt all HTTPS communication.
  • ESET uses a new private key (and certificate) for each computer. You can simply test this by activating SSL scanning two times. Every time, a new certificate will be created.
    I've done this and you can see this in the screenshot (the hashes are different):
    post-3952-0-28489500-1424431836_thumb.png

Didn't you know that Aryeh is everywhere on the Internet? :D

 

Okay, not everywhere, but he is active on quite a few sites and forums. Answering questions, helping people...and so forth.

Edited by SweX

The Superfish root certificate can be used to create certificates for any domain, and those certificates will be implicitly trusted by the browser on any Superfish-infected system, leaving victims vulnerable to man-in-the-middle attacks. To fix this, the certificate itself needs to be removed.

 

There are several places that the Superfish certificate can be installed. Windows has its own certificate store that includes, among other things, the root certificates that it trusts. Superfish installs its certificate to the Windows store. Some third-party software, including Mozilla Firefox and Mozilla Thunderbird, doesn't use the Windows store; instead, those apps have their own private certificate stores. Superfish can insert its root certificate into those stores, too, though this isn't guaranteed. To make a Superfish system secure, all of these stores must be cleaned.

 

hxxp://arstechnica.com/security/2015/02/how-to-remove-the-superfish-malware-what-lenovo-doesnt-tell-you/

Edited by SweX
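A read-only audit covering two points made above (comparing keys between installations, and the need to look at every certificate store), as an added example that is not part of any post in this thread. It lists trusted roots whose subject or issuer contains a match string and prints a hash of each public key so results from two machines can be compared; the match string "Superfish", the function names, and the default Firefox/Thunderbird profile locations are assumptions.

```powershell
# Added example: audit trusted-root stores for a named interception certificate.
# The match string is an assumption; adjust it to the product being checked.
param([string]$Pattern = 'Superfish')

function Get-PublicKeyHash {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # SHA-256 over the encoded public key: identical values on two machines
    # mean both installations trust the same key pair.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $bytes = $Cert.PublicKey.EncodedKeyValue.RawData
        ([System.BitConverter]::ToString($sha.ComputeHash($bytes))) -replace '-', ''
    } finally { $sha.Dispose() }
}

function Find-InterceptionRoot {
    param([string]$Pattern)
    # Windows keeps machine-wide and per-user trusted roots separately.
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
    foreach ($store in $stores) {
        Get-ChildItem -Path $store |
            Where-Object { $_.Subject -like "*$Pattern*" -or $_.Issuer -like "*$Pattern*" } |
            ForEach-Object {
                [pscustomobject]@{
                    Computer      = $env:COMPUTERNAME
                    Store         = $store
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    PublicKeyHash = Get-PublicKeyHash -Cert $_
                    NotAfter      = $_.NotAfter
                }
            }
    }
}

function Find-NssCertDb {
    # Firefox and Thunderbird keep their own stores; these files are not
    # covered by the Windows store query above and must be checked separately.
    $roots = "$env:APPDATA\Mozilla\Firefox\Profiles", "$env:APPDATA\Thunderbird\Profiles"
    foreach ($root in $roots) {
        if (Test-Path $root) {
            Get-ChildItem -Path $root -Recurse -Include 'cert8.db', 'cert9.db' -File -ErrorAction SilentlyContinue |
                Select-Object -ExpandProperty FullName
        }
    }
}

Find-InterceptionRoot -Pattern $Pattern | Format-List
Find-NssCertDb
```

Identical `PublicKeyHash` values reported from different computers indicate a shared key pair; an empty result from the Windows store query says nothing about the Firefox or Thunderbird databases listed by the second function.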

Lenovo and Superfish? Don’t panic, you may not be affected

hxxp://www.welivesecurity.com/2015/02/20/lenovo-superfish-dont-panic-may-affected/

Lenovo apologizes over pre-installed tracking software

hxxp://www.welivesecurity.com/2015/02/20/lenovo-apologizes-pre-installed-tracking-software/


Two more software makers have been caught adding dangerous, Superfish-style man-in-the-middle code to the applications they publish. The development is significant because it involves AV company Lavasoft and Comodo, a company that issues roughly one-third of the Internet's Transport Layer Security certificates, making it the world's biggest certificate authority.

 

 

hxxp://arstechnica.com/security/2015/02/security-software-found-using-superfish-style-code-as-attacks-get-simpler/


Firefox-maker Mozilla may neuter the likes of Superfish by blacklisting dangerous root certificates revealed less than a week ago to be used in Lenovo laptops.

 

The move will be another blow against Superfish, which is under a sustained barrage of criticism for its use of a root certificate to launch man-in-the-middle attacks against innocent users in order to inject advertising into web searches.

 

 

hxxp://www.theregister.co.uk/2015/02/23/mozilla_mulls_super_phish_torpedo/

Edited by SweX

A proposed class-action suit was filed late last week against Lenovo and Superfish, which charges both companies with “fraudulent” business practices and of making Lenovo PCs vulnerable to malware and malicious attacks by pre-loading the adware.

 

hxxp://www.pcworld.com/article/2887392/lenovo-hit-with-lawsuit-over-superfish-snafu.html


  • 3 weeks later...

Just FYI, a nice summary from Aryeh Goretsky was just published.

 

It's been just under three weeks since February 19th, when Lenovo became entangled in a web of controversy over its preinstallation of Superfish’s Visual Search adware on some of its popular consumer laptops during last year’s holiday shopping season.

Superfish: Lenovo goes on the bloatware offensive

Edited by rugk

  • 4 weeks later...

I only want to wake up this thread for a link to some information on how to remove Superfish: https://forum.eset.com/topic/4582-superfish/

Just because I want to add that ESET also offered a free tool for removing Superfish.

 

BTW, it's also interesting to see the statistics on virusradar for Superfish.

Edited by rugk