Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Lenovo Releases Superfish Removal Tool

Lenovo has finally released a removal tool for users who want to get rid of the infamous Superfish adware which made headlines for the firm last week for all the wrong reasons.

The Chinese PC giant made available an automatic removal tool as well as information for those who want to manually uninstall and remove the software.

It is claimed to work for IE, Chrome, Opera Safari, Maxthon and “any other browser that utilizes the Windows Certificate store.”

The news comes after the US-CERT on Friday warned affected Lenovo customers to uninstall Superfish and any relevant root CA certificates.

“A machine with Superfish VisualDiscovery installed will be vulnerable to SSL spoofing attacks without a warning from the browser,” it claimed in an advisory.

News emerged last week that some Lenovo laptop models came with adware pre-installed.

The Chinese PC player first tried to head off criticism by claiming the software was designed to “enhance the shopping experience” for customers by presenting them with ads for products similar to ones they’d been searching for.

It also said that preloads of the tool had been stopped back in January.

However, the firm then came under fire after it emerged that the adware installs its own CA certificate to work, raising the possibility that hackers could use the program to launch Man in the Middle attacks against users.

The US-CERT explained as follows:

“Because the certificates used by Superfish are signed by the CA installed by the software, the browser will not display any warnings that the traffic is being tampered with. Since the private key can easily be recovered from the Superfish software, an attacker can generate a certificate for any website that will be trusted by a system with the Superfish software installed. This means websites, such as banking and email, can be spoofed without a warning from the browser.”

In related news, the company responsible for Superfish, Komodia, was hit by a DDoS attack on Friday, rendering its website virtually inaccessible.

"Apparently, someone is looking to send a message to Komodia and their means of communication is quite aggressive. Rendering the website unresponsive for typical internet activity is becoming a primary means for cyber warfare and this scenario is a prime example,” said Dave Larson, CTO of Corero Network Security.

“While traditional security technologies and network personnel are trying to deal with the outage caused by a DDoS attack, the business remains effectively offline."

What’s Hot on Infosecurity Magazine?