Lenovo PCs Ship with Nasty Malware, Putting User Data at Risk
The world's largest PC maker, Lenovo, is in the international hot seat for shipping laptops pre-installed with virus-like software that puts customers in the line of hacker fire, according to one security researcher.
Since June, Lenovo customers have been reporting a program called Superfish, software that automatically displays advertisements in the name of helping consumers find products online, said Robert Graham, CEO of security research firm Errata Security.
Superfish is designed to intercept all encrypted connections and leaves the door open for NSA-style spies to hack into PCs through man-in-the-middle attacks, he said.
"The company claims it's providing a useful service, helping users do price comparisons. This is false. It's really adware," Graham wrote in a blog post. "They don't even offer the software for download from their own Web site. It's hard Googling for the software if you want a copy because your search results will be filled with help on removing it. The majority of companies that track adware label this as adware."
What Does Superfish Really Do?
Lenovo acknowledged the problem and said it has removed Superfish from its consumer PCs "until such time as Superfish is able to provide a software build that addresses these issues." Lenovo also asked Superfish to auto-update a fix that addresses these issues. Superfish could not immediately be reached for comment.
"To be clear, Superfish comes with Lenovo consumer products only and is a technology that helps users find and discover products visually," Lenovo said in its forum. "The technology instantly analyzes images on the Web and presents identical and similar product offers that may have lower prices, helping users search for images without knowing exactly what an item is called or how to describe it in a typical text-based search engine."
The PC maker described, in great detail, the functionality of Superfish to assure customers that it’s not serving results based on user behavior and that it does not profile or monitor user behavior or record user information.
Watch Out for PUPs
We caught up with Adam Kujawa, head of malware intelligence at anti-malware and Internet security software firm Malwarebytes, to get his thoughts on Superfish and programs like it. He predicted late last year that adware would behave more and more like viruses.
Kujawa told us potentially unwanted programs, or PUPs as they are known in the security research world, are nuisances to the modern user because of their high requirements for system resources and constant bombardment of advertising.
"However, we have seen numerous instances of PUPs actually going a step further and installing near-malicious and full-malicious software on the host system," Kujawa said. "This trend may very well become more prevalent in the coming year as the war against junk software leads some developers to dabble in illegal activities to make a profit."
Posted: 2015-02-19 @ 7:26pm PT
Stuff Lenovo, that's what I think!