Site icon Emsisoft | Cybersecurity Blog

Warning! Lenovo pre-loads “Superfish” adware that bypasses SSL security on new laptops


It’s a known fact that most consumer desktop and laptop manufacturers like to add bloatware to their machines. Most new laptops come with plenty of unwanted software including lots of trials and add-ons. Computer manufacturer Lenovo seems to have taken it to a new level by pre-loading active adware on new consumer laptops. Adware is usually just advertising software but there is a thin line between being just opportunistic and actually shady and malicious. SuperFish, the adware pre-installed in this case comes dangerously close to that boundary and also has some major security holes.

Super F(Ph)ishing?

Superfish has been reported to be pre-installed on several Lenovo laptops. The adware is known to inject third-party ads on Google searches and websites without the user’s permission. Superfish affects the browsers Internet Explorer and Chrome and has proven to be a major annoyance for most users. It is even flagged by most major antivirus or anti-malware companies, including Emsisoft Anti-Malware. Superfish’s file certificate is on Emsisoft’s blacklist and shows behavior blocker alerts when someone tries to execute their adware.

Users report that the adware installs its own self-signed certificate authority which effectively allows it to spy on secure connections, like the ones used in banking websites. This malicious technique is known as man-in-the-middle attack, similar to those used in Heartbleed. Superfish bypasses SSL security, and it has been reported that users who have Superfish installed are now vulnerable to hacking and spying attacks due to it’s cracked certificate. It is surprising and disturbing that a major computer manufacturer like Lenovo is distributing such shady software.

Lenovo claims Superfish is useful software, but temporarily removed it after criticism

Lenovo defended their decision to include Superfish in their computers with a statement:

“Superfish helps users find and discover products visually and instantly analyzes images on the web and presents identical and similar product offers that may have lower prices.”

However due to a lot of complaints from users and pressure form the industry, Lenovo has temporarily removed Superfish from their bloatware list.

“We have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues. As for units already on the market, we have requested that Superfish auto-updates a fix that addresses these issues.”

How to scan for and remove Superfish from your computer

If you suspect you have the adware Superfish on your computer, perform a scan with the free Emsisoft Emergency Kit which flags the adware on your computer. To remove Superfish, perform the following steps:

Now, your browser doesn’t trust made-up SSL certificates of that adware anymore and you’re on the safe side.

Outlook for quick cash makes vendors blind for security issues

The fact that Lenovo has taken some action and contacted the developers is re-assuring, but the bigger picture is that adware is becoming more and more “acceptable” in the industry and manufacturers shamelessly add such software pre-loaded to their devices. The greater concern is that software like Superfish could turn rogue anytime and do some serious damage to the thousands of users who have unknowingly fallen in their grasp. Vendors blindly trust their advertising partners and don’t question what these actually may install on a system. Apparently, the outlook for quick cash makes them completely blind for security issues they may buy.

Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial

Have a great (adware-free) day!

Exit mobile version