Windows 8 Club
October 15, 2018, 06:34:01 am
Welcome, Guest. Please login or register.

Login with username, password and session length
News: Administrator web: http://bluecollarpc.us
 
  Home Help Search Arcade Gallery Links Staff List Login Register  

Lenovo Slipped Superfish Malware Into Laptops (Windows 8.1)

Pages: [1]   Go Down
  Print  
Author Topic: Lenovo Slipped Superfish Malware Into Laptops (Windows 8.1)  (Read 34 times)
gerald309
Administrator
Hero Member
*
Offline Offline

Posts: 509



WWW
Badges: (View All)
« on: March 01, 2015, 10:52:55 pm »

Lenovo Slipped Superfish Malware Into Laptops (Windows 8.1)
February 27, 2015 — bluecollarpc
https://bluecollarpcwebs.wordpress.com/2015/02/27/lenovo-slipped-superfish-malware-into-laptops-windows-8-1/

Lenovo Slipped Superfish Malware Into Laptops (Windows 8.1)

If you have missed the security furor over Lenovo pre-installing adware (antispyware catagory of antimalware products) you may want to check out these news links for information, degree of danger, and most importantly removal instructions (easy).

It is absolutely recommended to remove this immediately by all. Lenovo has been caught and publicly apologized. Just about all new computers come with what they used to call “bloatware” which is a handful of extra softwares which some may find useful. They take up space and may even slow down performance. But this is a big no-no Lenovo has done. It became as infamous as the Sony Rootkit malware they bundled in downloads, of music I believe it was, a good while ago.

A snippet…. (Removal help/instructions below)

“…The furor blew up because Lenovo installed Superfish adware on consumer laptops sold between September 2014 and January 2015. All these laptops were running Microsoft Windows 8.1. Your laptop fits the time frame, but you may have escaped for two reasons. First, Superfish was not installed on Lenovo’s business machines, such as ThinkPads. Second, it was not installed on laptops running Windows 7, which is still the business standard…..”
SOURCE: http://www.theguardian.com/technology/2015/feb/26/how-can-i-find-and-remove-superfish-and-similar-malware

LINKS: / PRESS

US-CERT: Lenovo Superfish Adware Vulnerable to HTTPS Spoofing
https://www.us-cert.gov/ncas/alerts/TA15-051A

Lenovo Slipped ‘Superfish’ Malware Into Laptops
malaysiandigest.com
LenovoComputer maker Lenovo has been shipping laptops prepackaged with malware that makes you more vulnerable to hackers — all for the sake …
http://www.malaysiandigest.com/technology/542592-lenovo-slipped-superfish-malware-into-laptops.html

Lenovo computers come with pre-installed adware and MITM proxy
Posted on Feb 19, 2015 10:45 am
If you have recently bought a new Lenovo computer, you’re in for a nasty surprise: the company has been shipping them with pre-installed adware. And, what’s even worse, the software in question is…
Read in browser »
http://www.net-security.org/secworld.php?id=17973

Lenovo apologises for preinstalling malware on its PCs that can snoop on
its customers’ bank …
SmartCompany.com.au
The preinstalled malware, known as Superfish, intercepts and decrypts
secured HTTPS connections, which are used to send sensitive information …
http://www.smartcompany.com.au/finance/45798-lenovo-apologises-for-preinstalling-malware-on-its-pcs-that-can-snoop-on-its-customers-bank-accounts.html#

US cyber-cops declare WAR on Superfish ad-spewing malware lurking in Lenovo laptops
The Register
The US government’s Computer Emergency Readiness Team (US-CERT) today said the Superfish ad-injecting malware installed by Lenovo on its …
http://www.theregister.co.uk/2015/02/20/superfish_is_malware_us_government/

– REMOVAL HELP:

Superfish Uninstall Instructions (Lenovo Website)
http://support.lenovo.com/us/en/product_security/superfish_uninstall
NOTE: Please download and run the Automatic Removal tool executable to ensure complete removal of Superfish and Certificates for all major browsers.

Superfish malware: how do you know if your computer is affected? And how do you get rid of it?
Belfast Telegraph
The Superfish malware that was revealed last week to have been installed onto Lenovo laptops could allow hackers to watch your internet activity and …
http://www.belfasttelegraph.co.uk/technology/superfish-malware-how-do-you-know-if-your-computer-is-affected-and-how-do-you-get-rid-of-it-31015018.html

How to wipe Superfish adware and offending cert from your Lenovo laptop
Posted on Feb 20, 2015 12:38 pm
After the recent revelation that Lenovo has been shipping some of it laptops with pre-installed adware that’s also breaking the security of secure connections by using self-signed MITM SSL certificate…
Read in browser »
http://www.net-security.org/secworld.php?id=17979

How to remove the dangerous Superfish adware preinstalled on Lenovo PCs
PCWorld
You can revoke that certificate manually, however. Here’s how, as told to PCWorld by Chris Boyd, a malware intelligence analyst at Malwarebytes. ….
http://www.pcworld.com/article/2886278/how-to-remove-the-dangerous-superfish-adware-presintalled-on-lenovo-pcs.html
Report Spam   Logged

Administrator
http://windows8club.freesmfhosting.com/index.php
Have A Safe Computing Day!
Webmaster: Malware Removal/Amateur Forensics
HOME http://bluecollarpc.us/
Alternate https://sites.google.com/site/pcsecurityhelper/
HELP http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/
Membership/Join List:
Subscribe: BlueCollarPCSecurity-subscribe@yahoogroups.com
Free Malware Removal Help / A Community Website Since 2005

Social Buttons

gerald309
Administrator
Hero Member
*
Offline Offline

Posts: 509



WWW
Badges: (View All)
« Reply #1 on: March 01, 2015, 10:56:56 pm »

Original post at my security alerts list;
https://groups.google.com/forum/#!msg/bluecollarpcsecurity/Y9KJGYyhDDU/dwbYYgMeQNMJ

Fwd: TA15-051A: Lenovo Superfish Adware Vulnerable to HTTPS Spoofing

-------- Forwarded Message --------
Subject:    TA15-051A: Lenovo Superfish Adware Vulnerable to HTTPS Spoofing
Date:    Tue, 24 Feb 2015 00:34:16 -0600
From:    US-CERT <US-...@ncas.us-cert.gov>
Reply-To:    US-...@ncas.us-cert.gov
To:    gera...@gmail.com


NCCIC / US-CERT

National Cyber Awareness System:
TA15-051A: Lenovo Superfish Adware Vulnerable to HTTPS Spoofing
02/20/2015 07:07 AM EST
https://www.us-cert.gov/ncas/alerts/TA15-051A


Original release date: February 20, 2015 | Last revised: February 24, 2015
Systems Affected

Lenovo consumer PCs that have Superfish VisualDiscovery installed.
Overview

Superfish adware installed on some Lenovo PCs install a non-unique trusted root certification authority (CA) certificate, allowing an attacker to spoof HTTPS traffic.
Description

Starting in September 2014, Lenovo pre-installed Superfish VisualDiscovery spyware on some of their PCs. This software intercepts users’ web traffic to provide targeted advertisements.  In order to intercept encrypted connections (those using HTTPS), the software installs a trusted root CA certificate for Superfish. All browser-based encrypted traffic to the Internet is intercepted, decrypted, and re-encrypted to the user’s browser by the application – a classic man-in-the-middle attack.  Because the certificates used by Superfish are signed by the CA installed by the software, the browser will not display any warnings that the traffic is being tampered with.  Since the private key can easily be recovered from the Superfish software, an attacker can generate a certificate for any website that will be trusted by a system with the Superfish software installed.  This means websites, such as banking and email, can be spoofed without a warning from the browser.

Although Lenovo has stated they have discontinued the practice of pre-installing Superfish VisualDiscovery, the systems that came with the software already installed will continue to be vulnerable until corrective actions have been taken.

To detect a system with Superfish installed, look for a HTTP GET request to:

superfish.aistcdn.com

The full request will look like:

http://superfish.aistcdn.com/set.php?ID=[GUID]&Action=[ACTION]

Where [ACTION] is at least 1, 2, or 3.  1 and then 2 are sent when a computer is turned on. 3 is sent when a computer is turned off.

Superfish uses a vulnerable SSL decryption library by Komodia. Other applications that use the library may be similarly affected. Please refer to CERT Vulnerability Note VU#529496 for more details and updates.
Impact

A machine with Superfish VisualDiscovery installed will be vulnerable to SSL spoofing attacks without a warning from the browser.
Solution

Uninstall Superfish VisualDiscovery and associated root CA certificate

Users should uninstall Superfish VisualDiscovery. Lenovo has provided a tool to uninstall Superfish and remove all associated certificates.

It is also necessary to remove affected root CA certificates. Simply uninstalling the software does not remove the certificate. Microsoft provides guidance on deleting and managing certificates in the Windows certificate store. In the case of Superfish VisualDiscovery, the offending trusted root certification authority certificate is issued to “Superfish, Inc.”

Mozilla provides similar guidance for their software, including the Firefox and Thunderbird certificate stores.
References

    [1] Lenovo Statement on Superfish
    [2] CERT VU#529496
    [3] Delete a Certificate
    [4] View or Manage a Certificate
    [5] Deleting a root certificate
    [6] Lenovo Superfish Uninstall Instructions

Revision History

    February 20, 2015: Initial release
    February 20, 2015: Clarified software release dates
    February 24, 2015: Updated description and solution details

This product is provided subject to this Notification and this Privacy & Use policy.
OTHER RESOURCES:
Contact Us | Security Publications | Alerts and Tips | Related Resources
STAY CONNECTED:
Sign up for email updates
This email was sent to gera...@gmail.com using GovDelivery, on behalf of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (703) 235-5110    Powered by GovDelivery



--
SENDER: gerald309 --
Have A Safe Computing Day!
Webmaster: Malware Removal/Amateur Forensics
HOME http://bluecollarpc.us/
Alternate https://sites.google.com/site/pcsecurityhelper/
HELP http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/
Membership/Join List:
Subscribe: BlueCollarPCSecurity-subscribe@yahoogroups.com
Free Malware Removal Help / A Community Website Since 2005

« Last Edit: March 01, 2015, 10:58:47 pm by gerald309 » Report Spam   Logged

Administrator
http://windows8club.freesmfhosting.com/index.php
Have A Safe Computing Day!
Webmaster: Malware Removal/Amateur Forensics
HOME http://bluecollarpc.us/
Alternate https://sites.google.com/site/pcsecurityhelper/
HELP http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/
Membership/Join List:
Subscribe: BlueCollarPCSecurity-subscribe@yahoogroups.com
Free Malware Removal Help / A Community Website Since 2005
Pages: [1]   Go Up
  Print  
 
Jump to:  

Bookmark this site! | Upgrade This Forum
Free SMF Hosting - Create your own Forum

Powered by SMF | SMF © 2016, Simple Machines
Privacy Policy