SweX, posted February 19, 2015 (edited)

It looks like Lenovo has been installing adware onto new consumer computers from the company that activates when taken out of the box for the first time.

The adware, named Superfish, is reportedly installed on a number of Lenovo’s consumer laptops out of the box. The software injects third-party ads on Google searches and websites without the user’s permission.

Superfish appears to affect Internet Explorer and Google Chrome on these Lenovo computers.

A Lenovo community administrator, Mark Hopkins, wrote in late January that the software would be temporarily removed from current systems after irate users complained of popups and other unwanted behavior:

We have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues. As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues.

Hopkins defended the adware, saying that it “helps users find and discover products visually” and “instantly analyzes images on the web and presents identical and similar product offers that may have lower prices.”

hxxp://thenextweb.com/insider/2015/02/19/lenovo-caught-installing-adware-new-computers/

Edited February 19, 2015 by SweX

TomFace, posted February 19, 2015

Hopkins defended the adware, saying that it “helps users find and discover products visually” and “instantly analyzes images on the web and presents identical and similar product offers that may have lower prices.”

Yeah-right.

rugk, posted February 20, 2015

That's really now "nice" of them - not only because it's PUA, but because of this root certificate it's also a security risk for all of their users with these "software"...

Lenovo Is Breaking HTTPS Security on its Recent Laptops | EFF

And to answer a post by @Aryeh Goretsky (yeah I was also very surprised that he is in the Lenovo forum):

Hello,
Some anti-malware programs use a similar technique, I believe, in order to decrypt and scan encrypted communications for malware.
Regards,
Aryeh Goretsky

He believes... He knows this of course...

But the important difference between the root cert from "Superfish" and AV software like ESET is the following:

Lenovo used the same private key for every installation of Superfish, so an attacker is able to decrypt all HTTPS communication.

ESET uses a new private key (and certificate) for each computer.

You can simply test this by activating SSL scanning two times. Every time a new certificate will be created. I've done this and you can see this in the screenshot (the hashes are different).

SweX, posted February 20, 2015 (edited)

Didn't you know that Aryeh is everywhere on the Internet? Okay not everywhere, but he is active on quite many sites and forums. Answering questions, helping people...and so forth.

Edited February 20, 2015 by SweX

SweX, posted February 20, 2015 (edited)

The Superfish root certificate can be used to create certificates for any domain, and those certificates will be implicitly trusted by the browser on any Superfish-infected system, leaving victims vulnerable to man-in-the-middle attacks. To fix this, the certificate itself needs to be removed.

There are several places that the Superfish certificate can be installed. Windows has its own certificate store that includes, among other things, the root certificates that it trusts. Superfish installs its certificate to the Windows store. Some third-party software, including Mozilla Firefox and Mozilla Thunderbird, doesn't use the Windows store; instead, those apps have their own private certificate stores. Superfish can insert its root certificate into those stores, too, though this isn't guaranteed. To make a Superfish system secure, all of these stores must be cleaned.

hxxp://arstechnica.com/security/2015/02/how-to-remove-the-superfish-malware-what-lenovo-doesnt-tell-you/

Edited February 20, 2015 by SweX

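An added example, not part of any post in this thread: a small audit over root-certificate inventories that combines rugk's fingerprint comparison (same hash on every machine versus a new hash per install) with the point above that the Windows, Firefox and Thunderbird stores each have to be checked. The inventory format, host names, subjects and thumbprints are assumptions constructed for illustration.

```python
from collections import defaultdict

def norm(thumbprint):
    """Normalise 'AA:BB ..' / 'aa bb ..' display forms to bare lowercase hex."""
    return "".join(c for c in thumbprint.lower() if c in "0123456789abcdef")

def audit_roots(inventory, baseline):
    """Return one finding per non-baseline root, keyed by SHA-1 thumbprint.

    A thumbprint seen on more than one host is the same certificate, hence the
    same key pair, on each of them (the shared-key case). A root seen on a
    single host matches per-install generation, as far as this sample shows.
    """
    trusted = {norm(t) for t in baseline}
    seen = defaultdict(lambda: defaultdict(set))   # thumbprint -> host -> stores
    subject_of = {}
    for host, store, subject, thumbprint in inventory:
        t = norm(thumbprint)
        if t in trusted:
            continue
        seen[t][host].add(store)
        subject_of[t] = subject
    findings = []
    for t in sorted(seen):
        hosts = seen[t]
        findings.append({
            "thumbprint": t,
            "subject": subject_of[t],
            "kind": "shared-across-hosts" if len(hosts) > 1 else "single-host",
            # every (host, store) pair listed here needs the root removed
            "cleanup": sorted((h, s) for h, stores in hosts.items() for s in stores),
        })
    return findings

# Constructed sample data: hosts, subjects and thumbprints are all made up.
PUBLIC, SHARED = "a1" * 20, "b2" * 20
INVENTORY = [
    ("laptop-01", "windows", "Example Public Root (constructed)", PUBLIC),
    ("laptop-01", "windows", "Shared Interception Root (constructed)", "B2:" * 19 + "B2"),
    ("laptop-01", "firefox", "Shared Interception Root (constructed)", SHARED),
    ("laptop-02", "windows", "Shared Interception Root (constructed)", SHARED),
    ("laptop-02", "windows", "Per-Install Scanner Root (constructed)", "c3" * 20),
    ("laptop-03", "windows", "Per-Install Scanner Root (constructed)", "d4" * 20),
    ("laptop-03", "thunderbird", "Example Public Root (constructed)", PUBLIC),
]

if __name__ == "__main__":
    for f in audit_roots(INVENTORY, baseline=[PUBLIC]):
        print(f["kind"], f["subject"], f["thumbprint"][:8], f["cleanup"])
```

The "cleanup" list shows why removing the root from the Windows store alone is not enough: laptop-01 still carries the shared root in its Firefox store.
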
rugk, posted February 20, 2015

Lenovo and Superfish? Don’t panic, you may not be affected
hxxp://www.welivesecurity.com/2015/02/20/lenovo-superfish-dont-panic-may-affected/

Lenovo apologizes over pre-installed tracking software
hxxp://www.welivesecurity.com/2015/02/20/lenovo-apologizes-pre-installed-tracking-software/

SweX, posted February 23, 2015

Two more software makers have been caught adding dangerous, Superfish-style man-in-the-middle code to the applications they publish. The development is significant because it involves AV company Lavasoft and Comodo, a company that issues roughly one-third of the Internet's Transport Layer Security certificates, making it the world's biggest certificate authority.

hxxp://arstechnica.com/security/2015/02/security-software-found-using-superfish-style-code-as-attacks-get-simpler/

SweX, posted February 23, 2015 (edited)

Firefox-maker Mozilla may neuter the likes of Superfish by blacklisting dangerous root certificates revealed less than a week ago to be used in Lenovo laptops.

The move will be another blow against Superfish, which is under a sustained barrage of criticism for its use of a root certificate to launch man-in-the-middle attacks against innocent users in order to inject advertising into web searches.

hxxp://www.theregister.co.uk/2015/02/23/mozilla_mulls_super_phish_torpedo/

Edited February 23, 2015 by SweX

SweX, posted February 23, 2015

A proposed class-action suit was filed late last week against Lenovo and Superfish, which charges both companies with “fraudulent” business practices and of making Lenovo PCs vulnerable to malware and malicious attacks by pre-loading the adware.

hxxp://www.pcworld.com/article/2887392/lenovo-hit-with-lawsuit-over-superfish-snafu.html

rugk, posted March 12, 2015 (edited)

Just FYI there was just published a nice summary from Aryeh Goretsky.

It's been just under three weeks since February 19th, when Lenovo became entangled in a web of controversy over its preinstallation of Superfish’s Visual Search adware on some of its popular consumer laptops during last year’s holiday shopping season.

Superfish: Lenovo goes on the bloatware offensive

Edited April 6, 2015 by rugk

willieaames, posted April 6, 2015

This is why we should clean and install a new copy of Windows.

rugk, posted April 6, 2015 (edited)

I only want to wake up this thread for a link to some information on how to remove Superfish: https://forum.eset.com/topic/4582-superfish/

Just because I want to add that ESET also offered a free tool for removing Superfish.

BTW also interesting to see the statistics on virusradar for Superfish.

Edited April 6, 2015 by rugk