Lenovo Publishes Superfish Adware Removal Instructions, But Still Faces Major Lawsuit

Chinese computer company Lenovo has issued instructions and software to its users on how to remove the Superfish program from their Windows 8.1 laptops, but it may be too late for them to avoid legal action.

According to a CBS News report, researchers revealed Thursday that a vulnerability in the Superfish software, which was pre-loaded on many Lenovo laptops, could allow hackers to mimic shopping and banking websites and trick users into providing sensitive credit card numbers and other personal data. The company has since apologized for pre-loading the software on select laptops.

"Superfish was installed on more than 11 types of Lenovo laptops sold to the public between September 2014 and January 2015, including the popular Yoga and Flex models, but not ThinkPads," Lenovo said to CBS News.

Lenovo has published Superfish removal instructions on its website. The Beijing-based company also created software that would automatically remove the malware.

However, some users have threatened to sue Lenovo over the malware fiasco. According to Agam Shah of PC World, a proposed class-action suit was filed against both Superfish and Lenovo, accusing both companies of "fraudulent" business practices and making users' computers vulnerable to malicious attacks with the pre-loaded software.

"Plaintiff Jessica Bennett said her laptop was damaged as a result of Superfish, which was called 'spyware' in court documents," Shah wrote. "She also accused Lenovo and Superfish of invading her privacy and making money by studying her Internet browsing habits."

Shah added that the lawsuit was filed in the U.S. District Court for the Southern District of California. A spokesperson from Lenovo declined to comment on the lawsuit.

Gregg Keizer of Computerworld reported that Lenovo would work alongside antivirus vendor McAfee and Microsoft to remove all traces of the Superfish software. The company explained how this process would work.

"We are working with McAfee and Microsoft to have the Superfish software and certificate quarantined or removed using their industry-leading tools and technologies," Lenovo said in a statement issued on Friday. "These actions have already started and will automatically fix the vulnerability even for users who are not currently aware of the problem."

Lenovo contended in its statement that it "did not know about this potential security vulnerability until yesterday." Keizer explained how the Superfish software was supposed to work.

"To serve ads on encrypted websites, Superfish installed a self-signed root certificate into the Windows certificate store, as well as into Mozilla's certificate store for the Firefox browser and Thunderbird email client," Keizer wrote. "That Superfish certificate then re-signed all certificates presented by domains using HTTPS."

Keizer described this process as a "man-in-the-middle" (MITM) attack that would allow hackers "to spy on supposedly secure traffic between a browser and a server."

"All hackers needed to do was crack the password for the Superfish certificate to launch their own MITM attacks by, for example, duping Lenovo PC users into connecting to a malicious Wi-Fi hotspot in a public place, like a coffee shop or airport," Keizer wrote. "Cracking the password proved laughably easy, and within hours it was circulating on the Internet."
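Because the risk Keizer describes comes from a root certificate sitting in the Windows trusted-root store, a machine can be audited by listing that store. The following is an added example, not code from Lenovo, Microsoft or the article; it assumes the certificate's subject contains the name "Superfish" (the article gives no thumbprint), and it does not inspect the separate Firefox or Thunderbird certificate stores.

```powershell
# Added example: audit the Windows trusted-root stores for a certificate by subject name.
# Assumption: the subject contains the pattern passed in; the article gives no thumbprint.
function Find-TrustedRootBySubject {
    param(
        [Parameter(Mandatory)] [string] $Pattern
    )
    # Machine-wide and per-user trusted roots are separate stores; check both.
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
    foreach ($store in $stores) {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object { $_.Subject -like "*$Pattern*" } |
            ForEach-Object {
                [pscustomobject]@{
                    Store      = $store
                    Subject    = $_.Subject
                    # A root certificate is self-signed: subject and issuer are identical.
                    SelfSigned = ($_.Subject -eq $_.Issuer)
                    Thumbprint = $_.Thumbprint
                    NotAfter   = $_.NotAfter
                }
            }
    }
}

$hits = @(Find-TrustedRootBySubject -Pattern 'Superfish')
if ($hits.Count -eq 0) {
    Write-Output 'No matching certificate in the Windows trusted-root stores.'
} else {
    # Any hit means HTTPS certificates signed by this root are trusted on this machine.
    $hits | Format-List
}
```

An empty result covers only the Windows stores; Firefox and Thunderbird keep their own certificate database, which the article says Superfish also modified.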

Ken Westin, a security analyst at security firm Tripwire, told Keizer that Lenovo and other players in the PC industry should stop pre-loading third-party software on their products. He argued that such "bloatware" carried both security and privacy threats.

"When they pull this kind of stuff, I know I don't want to buy a Lenovo," Westin said.

Lenovo has published a full list of the affected laptops on its website.
