Lenovo caught installing adware on new computers

Discussion in 'malware problems & news' started by SweX, Feb 19, 2015.

  1. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    http://thenextweb.com/insider/2015/02/19/lenovo-caught-installing-adware-new-computers/
     
  2. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    880
    Location:
    Triassic
    Seems that this is going to be a trend across all electronics in the near future. I read that Samsung is embedding Pepsi ads in their smart-TVs even when a consumer is watching a home movie. A lot of free software comes with ads and we can no doubt expect paid software to follow suit. Computer hardware is just another mule. It will not stop there - IOT will be the mother of all mules.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    From https://news.ycombinator.com/item?id=9072424 I get that this involves MitM, and that all affected consumer laptops have the same certificate. Quoting TeMPOraL:
    This may become very funny (in a sick way, yes) soon :eek:

    Edit: Maybe sooner: https://twitter.com/supersat

    Edit2: Test sites: https://www.canibesuperphished.com/ and https://filippo.io/Badfish/
     
    Last edited: Feb 19, 2015
  4. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    No better reason I can think of to do a bare metal wipe with a fresh, clean install of the OS after buying that new computer...
     
  5. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    433
    Location:
    Hengelo
    You can also run HitmanPro to look for the Superfish malware and SSL root certificate:

    SuperfishEN.png
     
  6. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    Well yes. But the problem is that it's even necessary to do that in the first place. People should not have to shell out an extra $100 or whatever, just for the privilege of having an OS that isn't malware infested the first time it boots. This is anti-consumer garbage.

    IMO Microsoft needs to step up on this - they should modify their OEM licensing, to prohibit OEMs from preinstalling software they haven't okayed. Companies selling computers with their operating system should be required to play by their rules.
     
  7. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
  8. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,279
    I agree. In no case should people need to do a clean install of the OS in a new computer. This seems absurd to me.
     
  9. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
  10. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Fail, the password protecting the private key is the name of the company behind the SSL hijacker:
    http://www.komodia.com/
     
  11. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,517
    Location:
    USA - Back in a real State in time for a real Pres
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I knew that I couldn't trust Lenovo, shame on them!

    Would HMPA also be able to stop this MITM attack? I haven't read everything yet, but these tools will often modify browser memory. I believe Zemana is already watching for certificate tampering, but then again, it also has a trust-list.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
  14. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
  15. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    How to remove the dangerous Superfish adware preinstalled on Lenovo PCs
    Proceed with all precautions - contact your Lenovo reseller if unsure.
    http://www.pcworld.com/article/2886...erfish-adware-presintalled-on-lenovo-pcs.html
     
  16. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    If internet was taken seriously someone would have to go to jail in this case.
     
  17. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
  18. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
  19. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    http://arstechnica.com/security/201...do-enough-promises-to-wipe-superfish-off-pcs/
     
  20. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Well Lenovo just got kicked to the curb as possible new laptop for myself.
     
  21. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,238
    That's a shame as the quality of them is first rate.
     
  22. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
  23. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    357
    "Good, Superfish is probably not intercepting your connections."
    Probably? They aren't even sure...
     
  24. guest

    guest Guest

    And that is why I would never use preinstalled OS, aside of it's usually full of crap spamming your desktop. But this would get harder to deal with when they started to put one of these into the hardware.
     
  25. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
    I do not believe that the pre-installation of this adware should in any way reflect badly on lenovo because the quality of their laptops is top-notch.A bare-metal wipe of the hard drive and a fresh installation of any os of choice would be a wise choice of action.
     
Loading...