The computer manufacturer Lenovo has been forced to remove hidden adware called Superfish after users complained it was automatically installed on their PCs and laptops when they purchased them.
Superfish has been revealed as a piece of software that injects adverts into the browser using techniques similar to those of spam adware (man-in-the-middle attacks). Lenovo have stated that Superfish was originally designed to help users find products by visually analysing images on the web in order to find the cheapest ones. It did this by ‘redirecting’ web traffic using bogus, self-signed root certificates to inject advertisements into sessions.
Superfish was discovered through a Lenovo forum where many users complained about the ‘software’ and demanded a response as to why they were “victims of attacks”. Many of these users claimed that the Superfish software was interfering with some digital certificates.
A forum administrator, Mark Hopkins, told users that Lenovo had responded by saying that “due to some issues (browser pop up behaviour, for example)”, the company had “temporarily removed Superfish from consumer systems until such time as Superfish is able to provide a software build that addresses these issues”. He went on to add that he had requested that Superfish issue an auto-update for “units already in market”.
Lenovo have issued a statement to V3 saying “Superfish was preloaded onto a select number of consumer models only” and that they are “thoroughly investigating all and any new concerns raised regarding Superfish.”
ZDNet have commented that “the only remedy to removing Superfish appears to be reinstalling Windows from a non-Lenovo image, or moving to another operating system”. However, uninstalling Superfish can reportedly leave the root certificate authority behind.