Lenovo CTO: Superfish spyware confined to consumer notebooks
While the Superfish VisualDiscovery spyware found on some Lenovo PCs has damaged the company’s reputation, enterprise customers have been assured the adware was confined to consumer market notebooks.
Superfish adware intercepts users’ web traffic to provide targeted advertisements. It also installs a non-unique trusted root certification authority (CA) certificate, allowing an attacker to spoof HTTPS traffic, which US-CERT calls “a classic man-in-the-middle attack.”
In an open letter from Lenovo CTO Peter Hortensius, he wrote that, “this issue was limited to our consumer notebooks and in no way impacted our ThinkPads; any tablets, desktops or smartphones; or any enterprise server or storage device.”
The company has also released an automated removal tool so customers could remove Superfish and related files. Additionally, Microsoft, McAfee and Symantec updated their software to automatically disable and remove this software.
Nevertheless, US-CERT says the systems that came with the software already installed will continue to be vulnerable until corrective actions have been taken. Instructions on detecting and eliminating Superfish are available from US-CERT.
Posted by GCN Staff on Feb 24, 2015 at 11:21 AM