February 19, 2015
Recently got a new Lenovo Computer ? You must read this !
Lenovo have been found installing Adware onto brand new factory shipped computers.
The adware, named Superfish, has been found installed on out-of-the box Lenovo laptops. It injects adverts into webpages browsed by the user, without their permission.
The technique, also known as a Man in the middle attack (MITM) installs a proxy on the computer to intercept the browser and internet connection. Using an SSL certificate makes sure it can inject ads into search results on your favourite search engine. One of the most worrying aspects of this is that it would allow Superfish malware to decrypt communications between say you and your bank – potentially compromised any SSL based web browsing.
Further research has revealed that the certificate chain used by Superfish has now been hacked, meaning all of the above applies and could now be used by attackers.
Lenovo have now confirmed they have stopped shipping computers with superfish malware on them.
Our advice – check Programs and Features and uninstall Superfish malware, and always, always keep your Antivirus software up to date and active.
We would always recommend that on any network, large or small, proactive steps are taken to make sure computers are protected from malware, adware and viri (viruses) at all times. We recommend that this is kept up to date and regular scans are ran to keep you safe.
UPDATE – 23/2/2015 09:46
Lenovo have now released a handy guide on how to remove Superfish malware (and have promised to stop installing it too!)
Lenovo are quoted as saying:
“We apologise for causing these concerns among our users – we are learning from this experience and will use it to improve what we do and how we do it in the future,”
If you are concerned, contact us now for a chat.