What You Need To Know About Lenovo Superfish Malware

Media Division | February 20, 2015

Computer manufacturer Lenovo is facing heavy criticism for shipping millions of laptops pre-installed with Superfish malware. The malware inserts ads into web pages and compromises victims' security, enabling hackers to track users' personal data when they conduct online transactions on Lenovo laptops.

Besides taking up space on the laptop, the malware also undermines basic security protocols by tampering with widely used systems of website certificates, which makes it hard for the computer to recognize, for example, a fake banking site. By removing the certificates that prevent rogue sites and cyber criminals from impersonating trusted sites, Superfish makes the job easy for hackers.

Consumers first started spotting the malware on Lenovo PCs in mid-2014. The technology it uses is better known as a hacking technique for stealing personal details, called a 'man-in-the-middle' attack.

After facing backlash from computer security experts and customers, Lenovo acknowledged the following:

“User feedback was not positive,” so the company stopped preinstalling software in new units in January, according to a company spokesperson. Additionally, Lenovo promised that it “will not preload this software in the future” and stated that it deactivated the feature on its servers, which makes the program useless on everyone’s computers.

The company initially stated that Superfish was only on some notebook products shipped in the window between October and December, but when CNNMoney pointed towards earlier complaints, Lenovo acknowledged that the installations went back to September.

The company listed 43 affected models, including E-, Flex, G-, Y-, U- and Z-series laptops as well as Yoga and Miix tablets.

“They have not only betrayed their customers’ trust, but also put them at increased risk,” stated Ken Westin, security analyst at Tripwire.

What to do if your system is infected?

The Superfish certificate could be installed in several places. Windows, for example, includes a default certificate store that holds the trusted root certificates. Superfish places its certificate in the Windows store. The software can also insert the root certificate into the Mozilla Thunderbird and Mozilla Firefox stores. As a result, it is important to clean all stores.

To uninstall the Superfish software, right-click the Start button and select ‘Programs and Features’ from the menu. Look for the entry with a name close to ‘Superfish Inc. Visual Discovery’ and double-click it. The software will then be removed from your computer. After that, you can restart your computer.

The next step is to clean up the certificate store. Right-click the Start button and launch a Command Prompt, enter ‘certmgr.msc’ as the command and press Enter to start the certificate manager app. In the left pane, navigate to Trusted Root Certification Authorities > Certificates. The list you see next will include Superfish Inc. Select it and click Delete. A prompt will then ask for your confirmation; select ‘Yes’.

Those who have Mozilla Firefox and Thunderbird installed need to do more. In Firefox, open the menu at the top right and select Options > Advanced tab > Certificates subtab. Select View Certificates and scroll to find the Superfish entry. Select the entry and press Delete. The process is similar for Thunderbird users, with just a difference in the menu.
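The certificate-store cleanup above can also be checked from PowerShell. The script below is an added example, not part of the original article: it lists any root certificate whose subject or issuer contains "Superfish" in both the machine-wide and per-user Windows root stores, and points out where Firefox and Thunderbird keep their separate certificate databases. Matching on the string "Superfish" and the `-Remove` switch name are assumptions made for this example.

```powershell
# Added example: audit the Windows root stores for a Superfish certificate.
# Run from an elevated PowerShell prompt; add -Remove to delete what is found.
param([switch]$Remove)

# Assumption: the certificate is identified by "Superfish" in its subject or
# issuer, based on the "Superfish Inc." entry name given in the article.
$pattern = 'Superfish'

# certmgr.msc shows the current user's view; check the machine store as well.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$hits = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
        Select-Object @{ n = 'Store'; e = { $store } },
                      Subject, Thumbprint, NotAfter, PSPath
}

if (-not $hits) {
    Write-Output "No certificate matching '$pattern' in the Windows root stores."
}
else {
    foreach ($h in $hits) {
        Write-Output ("FOUND in {0}: {1} (thumbprint {2}, expires {3})" -f `
            $h.Store, $h.Subject, $h.Thumbprint, $h.NotAfter)
        if ($Remove) {
            # Deleting from LocalMachine\Root requires administrator rights.
            Remove-Item -Path $h.PSPath
            Write-Output "  removed."
        }
    }
}

# Firefox and Thunderbird do not use the Windows store. Each profile has its
# own NSS database (cert8.db or cert9.db), which has to be cleaned through
# the application's certificate manager as described in the article.
$profileRoots = "$env:APPDATA\Mozilla\Firefox\Profiles",
                "$env:APPDATA\Thunderbird\Profiles"

foreach ($root in $profileRoots) {
    if (Test-Path $root) {
        Get-ChildItem -Path $root -Recurse -Include cert8.db, cert9.db `
                      -ErrorAction SilentlyContinue |
            ForEach-Object { Write-Output "Check manually: $($_.FullName)" }
    }
}
```

Running it again after the cleanup should print the "No certificate matching" line; any remaining "Check manually" paths are profiles whose certificate list still needs to be reviewed in Firefox or Thunderbird.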

With the help of these steps, you’ll completely remove the Superfish malware from your Lenovo computer.
