Lenovo PCs Ship with Nasty Malware, Putting User Data at Risk
By Jennifer LeClaire / CRM Daily
The world's largest PC maker, Lenovo, is in the international hot seat for shipping laptops pre-installed with virus-like software that puts customers in the line of hacker fire, according to one security researcher.

Since June, Lenovo customers have been reporting a program called Superfish, software that automatically displays advertisements in the name of helping consumers find products online, said Robert Graham, CEO of security research firm Errata Security.

Superfish is designed to intercept all encrypted connections and leaves the door open for NSA-style spies to hack into PCs through man-in-the-middle attacks, he said.

"The company claims it's providing a useful service, helping users do price comparisons. This is false. It's really adware," Graham wrote in a blog post. "They don't even offer the software for download from their own Web site. It's hard Googling for the software if you want a copy because your search results will be filled with help on removing it. The majority of companies that track adware label this as adware."

What Does Superfish Really Do?

Lenovo acknowledged the problem and said it has removed Superfish from its consumer PCs "until such time as Superfish is able to provide a software build that addresses these issues." Lenovo also requested Superfish auto-update a fix that addresses these issues. Superfish could not immediately be reached for comment.

"To be clear, Superfish comes with Lenovo consumer products only and is a technology that helps users find and discover products visually," Lenovo said in its forum. "The technology instantly analyzes images on the Web and presents identical and similar product offers that may have lower prices, helping users search for images without knowing exactly what an item is called or how to describe it in a typical text-based search engine."

The PC maker described, in great detail, the functionality of Superfish to assure customers that it’s not serving results based on user behavior and that it does not profile or monitor user behavior or record user information.

"It does not know who the user is. Users are not tracked nor re-targeted," Lenovo said. "Every session is independent. When using Superfish for the first time, the user is presented the terms of user and privacy policy, and has option not to accept these terms, i.e., Superfish is then disabled."

Watch Out for PUPs

We caught up with Adam Kujawa, head of malware intelligence at anti-malware and Internet security software firm Malwarebytes, to get his thoughts on Superfish and programs like it. He predicted late last year that adware would behave more and more like viruses.

Kujawa told us potentially unwanted programs, or PUPs as they are known in the security research world, are nuisances to the modern user because of their high requirements for system resources and constant bombardment of advertising.

"However, we have seen numerous instances of PUPs actually going a step further and installing near-malicious and full-malicious software on the host system," Kujawa said. "This trend may very well become more prevalent in the coming year as the war against junk software leads some developers to dabble in illegal activities to make a profit."

Tell Us What You Think


Posted: 2015-02-19 @ 7:26pm PT
stuff lenovo that's what I think!

© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.