MSE | Windows Defender flag "Superfish" as: Trojan:Win32/Superfish.A http://www.microsoft.com/security/p...ntry.aspx?Name=Trojan:Win32/Superfish.A#tab=1
Vulnerability Note VU#529496 Komodia Redirector with SSL Digestor fails to properly validate SSL and installs non-unique root CA certificates and private keys
One that jumps out is Lavasoft. From Wikipedia: Unintentional irony there? I wonder whether any other anti-malware apps break HTTPS in similarly stupid ways.
An example of what you can do if people leave the SuperFish certificate installed on your computer: http://blog.erratasec.com/2015/02/exploiting-superfish-certificate.html
Hello everyone, Zemana AntiLogger Pro & Free versions built last year successfully block the Lenovo Superfish root CA certificate (including the other third-party software using the Komodia SSL sniffing/hijacking SDK). Here is the video: http://youtu.be/FRyw6n-FMK4 If someone wants to test it out and see how it works, please PM me so I can send you the installer of Lenovo StarFisher.
Can Lenovo afford such negative publicity, again? … And Windows, the damage? SuperFish Removal Tool from Lenovo will automatically uninstall the malware
According to the IB Times - no: http://www.ibtimes.co.uk/superfish-spyware-not-limited-lenovo-laptops-1488859
I installed W7 on both of my laptops from a retail CD. I guess Superfish is preinstalled with the manufacturer OS.
OMG What a block-head business decision. Almost as block-headed as my misunderstanding that Lenovo was a Russian Company. As of 2012 Lenovo has been The Official "Laptop, Workstation, PC" sponsor of the NFL. Have not yet read of any announcements of NFL investigating reports of under-inflated Lenovo Laptops.
Cool, I asked about this earlier in the thread. Did it stop it by monitoring for certificate installation? Can you give some more technical details?
Only Lenovo and several other PC brands are bundling the SuperFish adware at the factory. Installation CDs should not have this issue. Reach out to Microsoft on this to be 100% certain. I've not heard of any cases of folks getting infected via a CD. This would be a first instance. • EDIT to show - The unwelcome and potentially dangerous software was preinstalled on some Lenovo consumer PCs between September and December 2014. If you purchased a Lenovo PC before that date, you're unlikely to be affected. PCs sold in January or February might still be at risk if they were shipped during the last quarter of 2014 and have been on warehouse or store shelves in the interim. http://www.zdnet.com/article/microsoft-updates-windows-defender-to-remove-superfish-infection/
If you're using software that can prevent modifications of files and registry keys (HIPS, for example), you can set it to protect the root certificates. Windows root certs (includes Internet Explorer, Chrome, Safari and lots of other software): HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates Firefox and Thunderbird root certs: cert8.db in your profile folders. (For example, FF's certs on Win7 can be found here: C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxxxx.default\cert8.db)
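A baseline-and-diff audit of the registry key named in the post above, for systems without a HIPS. This is an added example, not part of the original thread; the baseline file location and the function names are assumptions of the example.

```powershell
# Added example: baseline-and-diff audit of the Windows machine root store.
# The baseline file location and the function names are assumptions of this example.
param(
    [string]$Baseline = (Join-Path $env:ProgramData 'root-store-baseline.txt')
)

# Registry path quoted in the post above.
$RootKey = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates'

function Get-RootThumbprints {
    # Each certificate in this store is a subkey named after its SHA-1 thumbprint.
    Get-ChildItem -Path $RootKey |
        ForEach-Object { $_.PSChildName.ToUpperInvariant() } |
        Sort-Object
}

function Get-RootDetail {
    param([string]$Thumbprint)
    # Resolve the thumbprint through the certificate provider for readable fields.
    $cert = Get-Item -Path "Cert:\LocalMachine\Root\$Thumbprint" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Change        = 'ADDED'
        Thumbprint    = $Thumbprint
        Subject       = if ($cert) { $cert.Subject } else { '(not resolvable)' }
        NotAfter      = if ($cert) { $cert.NotAfter } else { $null }
        HasPrivateKey = if ($cert) { $cert.HasPrivateKey } else { $null }
    }
}

$current = @(Get-RootThumbprints)

if (-not (Test-Path -LiteralPath $Baseline)) {
    # First run: record the current state as the reference.
    Set-Content -LiteralPath $Baseline -Value $current -Encoding ASCII
    Write-Output "Baseline written: $($current.Count) root certificates."
    return
}

# Later runs: compare the live store against the recorded thumbprints.
$known   = @(Get-Content -LiteralPath $Baseline | Where-Object { $_ })
$added   = @($current | Where-Object { $known -notcontains $_ })
$removed = @($known | Where-Object { $current -notcontains $_ })

$added   | ForEach-Object { Get-RootDetail -Thumbprint $_ } | Format-List
$removed | ForEach-Object { Write-Output "REMOVED  $_" }
if ($added.Count -eq 0 -and $removed.Count -eq 0) {
    Write-Output 'Root store matches the baseline.'
}
```

Create the baseline on a known-good system, then run the script on a schedule and review every ADDED entry. The key covers only the machine-wide Windows store, so Firefox's and Thunderbird's cert8.db needs separate monitoring.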
Yes, because encrypted traffic cannot be inspected, any type of application (whether it is malicious or not), in order to inspect SSL traffic, must utilize an SSL proxy and install a fake root certificate into the trusted certificate store; this way they trick the browser into believing that the proxy certificate is valid, and avoid displaying a warning. When the Zemana "SSL Intrusion Prevention" feature is active, it does not let the browser trust fake certificates. Most of the banker Trojans use the same SSL proxy technique for web injection: https://web.archive.org/web/20150220024518/http://www.komodia.com/ad-injection-sdk/ There are other techniques, such as hooking SSL encryption APIs (Zeus, Carberp, etc.) and via browser toolbars. AntiLogger Pro & Free covers all of them.
SSL-busting code that threatened Lenovo users found in a dozen more apps http://arstechnica.com/security/201...ened-lenovo-users-found-in-a-dozen-more-apps/
Thanks for the feedback. Can you perhaps give some more info about the Zemana "Trust-list", what is the purpose? Perhaps I'm going to give Zemana AL Free a try. A bit off topic, but I hope you can improve the GUI of Zemana AL Pro, to make it look more like the free version, or perhaps like Zemana AntiMalware. The current one is really bad.
Comodo Privdog is even worse than SuperFish. It just totally destroys HTTPS! https://blog.hboeck.de/archives/865-Comodo-ships-Adware-Privdog-worse-than-Superfish.html
So Lavasoft has come out on their Facebook page with the announcement that their web filtering app uses the Komodia SDK:
Interesting, I'll look into it. I used Comodo Dragon a long time ago, and at that time there was no Privdog, but they re-introduced it after that. [EDIT:] I've read the blog and it seems very bad. If Comodo can't make any persuasive counter-argument about its security implications, I cannot trust Comodo any more.
Here you can find Melih's response: https://forums.comodo.com/help-priv...t-hijacks-your-ssl-connections-t109892.0.html And discussion of Privdog: https://forums.comodo.com/general-s...ish-vulnerability-ssl-hijacker-t109881.0.html
Mozilla mulls Superfish torpedo http://www.theregister.co.uk/2015/02/23/mozilla_mulls_super_phish_torpedo/