Pulse

By GCN Staff

Blog archive
superfish spyware

Lenovo CTO: Superfish spyware confined to consumer notebooks

While the Superfish VisualDiscovery spyware found on some Lenovo PCs has damaged the company’s reputation, enterprise customers have been assured the adware was confined to consumer market notebooks.

Superfish adware intercepts users’ web traffic to provide targeted advertisements. It also installs a non-unique trusted root certification authority (CA) certificate, allowing an attacker to spoof HTTPS traffic, which US-CERT calls “a classic man-in-the-middle attack.” 

In an open letter from Lenovo CTO Peter Hortensius, he wrote that, “this issue was limited to our consumer notebooks and in no way impacted our ThinkPads; any tablets, desktops or smartphones; or any enterprise server or storage device.”

The company has also released an automated removal tool so customers could remove Superfish and related files. Additionally, Microsoft, McAfee and Symantec updated their software to automatically disable and remove this software.

Nevertheless, US-CERT says the systems that came with the software already installed will continue to be vulnerable until corrective actions have been taken. Instructions on detecting and eliminating Superfish are available from US-CERT.

Posted by GCN Staff on Feb 24, 2015 at 11:21 AM


Featured

  • Image: Shutterstock

    COVID, black swans and gray rhinos

    Steven Kelman suggests we should spend more time planning for the known risks on the horizon.

  • IT Modernization
    businessman dragging old computer monitor (Ollyy/Shutterstock.com)

    Pro-bono technologists look to help cash-strapped states struggling with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help.

Stay Connected