Pulse

By GCN Staff

Blog archive
superfish spyware

Lenovo CTO: Superfish spyware confined to consumer notebooks

While the Superfish VisualDiscovery spyware found on some Lenovo PCs has damaged the company’s reputation, enterprise customers have been assured the adware was confined to consumer market notebooks.

Superfish adware intercepts users’ web traffic to provide targeted advertisements. It also installs a non-unique trusted root certification authority (CA) certificate, allowing an attacker to spoof HTTPS traffic, which US-CERT calls “a classic man-in-the-middle attack.” 

In an open letter from Lenovo CTO Peter Hortensius, he wrote that, “this issue was limited to our consumer notebooks and in no way impacted our ThinkPads; any tablets, desktops or smartphones; or any enterprise server or storage device.”

The company has also released an automated removal tool so customers could remove Superfish and related files. Additionally, Microsoft, McAfee and Symantec updated their software to automatically disable and remove this software.

Nevertheless, US-CERT says the systems that came with the software already installed will continue to be vulnerable until corrective actions have been taken. Instructions on detecting and eliminating Superfish are available from US-CERT.

Posted by GCN Staff on Feb 24, 2015 at 11:21 AM


Featured

  • Budget
    Stock photo ID: 134176955 By Richard Cavalleri

    House passes stopgap spending bill

    The current appropriations bills are set to expire on Oct. 1; the bill now goes to the Senate where it is expected to pass.

  • Defense
    concept image of radio communication (DARPA)

    What to look for in DOD's coming spectrum strategy

    Interoperability, integration and JADC2 are likely to figure into an updated electromagnetic spectrum strategy expected soon from the Department of Defense.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.