Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Malware

Lenovo released an automatic removal tool for the Superfish adware

Lenovo, with the support of Microsoft and McAfee, has developed a removal tool to clean its laptop and delete the Superfish malware. Last week, the news of the presence of Superfish adware in the laptops sold by the Chinese Lenovo has captured the attention of the media. The presence of the Superfish malware exposes Lenovo users to […]

Lenovo released an automatic removal tool for the Superfish adware

Lenovo, with the support of Microsoft and McAfee, has developed a removal tool to clean its laptop and delete the Superfish malware.

Last week, the news of the presence of Superfish adware in the laptops sold by the Chinese Lenovo has captured the attention of the media. The presence of the Superfish malware exposes Lenovo users to hacking attacks, as explained by the cyber security expert Robert Graham in a blog post the malware hijacks and throws open encrypted connections, a circumstance that could be exploited by attackers to eavesdrop the users’ traffic.
Lenovo has intentionally pre-installed a malware on laptops, but once discovered has tried to remedy the problem by releasing a tool to remove the ,malicious “SuperFish” adware that the company had pre-installed onto many of its consumer-grade Lenovo laptops sold before January 2015.
Lenovo admitted that it was caught preloading a piece of adware that installed its own self-signing Man-in-the-Middle (MitM) proxy service that hijacked HTTPS connections, the company also informed its customers that  it had “stopped Superfish software at beginning in January” 2015.

“We ordered Superfish preloads to stop and had server connections shut down in January based on user complaints about the experience.  However, we did not know about this potential security vulnerability until yesterday.  Now we are focused on fixing it.”  states an official statement released by Lenovo. “We recognize that this was our miss, and we will do better in the future. Now we are focused on fixing it.”

Graham reverse engineered the malicious software in a debugger (or IDApro), the process allowed him to extract the certificate from the SuperFish adware and cracked the password (“komodia”) that encrypted it. By using the password an attacker can potentially inject malware or spy on a vulnerable Lenovo user sharing the same Wi-Fi network.

Lenovo laptop Superfish
The US-CERT  recently issued the Alert (TA15-051A) to warn Lenovo users about that fact that Superfish Adware is vulnerable to HTTPS Spoofing.
“Superfish adware installed on some Lenovo PCs install a non-unique trusted root certification authority (CA) certificate, allowing an attacker to spoof HTTPS traffic.” states the alert. “Since the private key can easily be recovered from the Superfish software, an attacker can generate a certificate for any website that will be trusted by a system with the Superfish software installed.  This means websites, such as banking and email, can be spoofed without a warning from the browser.” 
Lenovo, with the support of Microsoft and McAfee, has developed a removal tool to clean its laptop and delete the Superfish malware.

“We apologize for causing these concerns among our users – we are learning from this experience and will use it to improve what we do and how we do it in the future,” states Lenovo. “In addition to the manual removal instructions currently available online, we have released an automated tool to help users remove the software and certificate.  That tool is here: http://support.lenovo.com/us/en/product_security/superfish_uninstall

Once again, let me suggest verification of the presence of the Superfish Adware by using the test created by the researcher Filippo Valsorda.

Pierluigi Paganini

(Security Affairs –  Lenovo, Factory pre-installed malware)