Attention Lenovo PC Owners: Something’s Fishy with Your Computer

Does your Lenovo computer have Superfish VisualDiscovery adware (a.k.a. spyware) installed? It's possible if you purchased a Lenovo PC any time in September of 2014 and thereafter.

This Superfish software intercepts the Lenovo user's traffic so that the user sees ads displayed that reflect their browsing habits. The problem with this targeted advertising scheme is that it comes with a vulnerability that makes it easy for hackers to attack.

Superfish enables targeted advertising by installing what's called a trusted root CA certificate.

Browser-based traffic that's encrypted gets intercepted, unscrambled and recrypted to one's browser by a man-in-the-middle attack. Due to the trusted root CA, the user's browser will not show any warnings that there's something very fishy going on (i.e., an attack).

The private key of the Superfish software can be easily recovered. This enables a hacker to produce certificates for any website that's trusted by a system that has the Superfish adware installed.

The hacker can then replicate websites, or spoof them, without the user ever knowing it because the browser won't know it. The type of attack is called SSL spoofing.

Many Lenovo users, hence, have the perspective of, "How DARE Lenovo preinstall this software?!" Lenovo has received harsh backlash and has claimed they've discontinued these installations. But this doesn't reverse the vulnerability of the PCs that already have the adware.

To find out if your Lenovo has this adware, see if it has an HTTP GET request to superfish.aistcdn.com. And then if it does, uninstall it, along with the root CA certificate—don't just uninstall the adware only; that certificate is what gets the hackers in.

The Microsoft Windows certificate store, and the Firefox and Thunderbird certificate stores, can guide you in managing and deleting certificates.

Right now, the best thing to do is head to this site: https://lastpass.com/superfish/ and then this site: https://filippo.io/Badfish/ to confirm your device doent have the superfish. If both check out OK, you're good.