Security researchers have discovered a vulnerability in a piece of adware called Superfish that makes your computer vulnerable to all kinds of attacks. Superfish ships preloaded on many Lenovo computers, but can also be installed on any machine. Here's what's going on and how to test if you're infected.


What Superfish Is

Superfish is basically run-of-the-mill adware, but with some big security holes. Lenovo pre-installed it on some computers sold between October 2014 and December 2014, but any Windows computer can be infected. At its core, Superfish is meant to place advertisements in your web browser. The problem is that the software also intercepts encrypted traffic, which opens up your computer to man-in-the-middle attacks (which work similarly to the Heartbleed security bug from last year).


Not only that, but Superfish also intercepts HTTPS connections. A post over at Errata Security shows that the HTTPS certificate is incredibly easy to crack, which makes you even more vulnerable. For example, security researcher Chris Palmer found that when he visited Bank of America's web site on a computer with Superfish installed, the bank's certificate was signed by Superfish rather than VeriSign. This means attackers could use the certificate to create fake HTTPS web sites that grab your passwords, or even create viruses that are "signed" to look legitimate. Update: Lenovo's released a list of affected machines here, but it's still worth following the instructions below just to double-check.

How to Test Your Computer and Remove the Superfish Software and Certificates

Thankfully, it's easy to test whether your computer is affected by Superfish. We had a handful of Lenovo PCs to test on and all ours were clear, but it only takes a second to test yours, so it's worth testing regardless of what type of Windows machine you have. Uninstalling and removing Superfish is a bit more complicated, though.


1. Head to this link (LastPass has a tool as well).
2. Open the Windows Start menu or Start screen and search for "Uninstall a program". Launch it.
3. Right-click on "Superfish Inc VisualDiscovery" and select "Uninstall," then enter your administrator password.
4. Next, you need to uninstall the certificates. Head back to the Start menu and search for certmgr.msc. Launch it.
5. Click on "Trusted Root Certification Authorities" and open Certificates.
6. Look for any certificates that include Superfish Inc, and right-click to delete them.
7. Restart your browser, then head back to the link in step 1 to test your computer.

With that, your system should be clear of Superfish. If you use Firefox or Thunderbird, you may want to check their certificate stores too using these instructions. Update: There are conflicting reports out there, with some people saying that uninstalling certificates isn't enough. However, most people, including Microsoft themselves, say removing the certificates should be adequate. If you want to be extremely thorough, you could always do a clean install of Windows without all the bloatware.
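If you'd rather not click through certmgr.msc by hand, here is the same check as a PowerShell script. It is an added example, not something from the original article or from Lenovo, and it assumes the vendor name "Superfish" appears in the certificate's Subject or Issuer field (the match pattern is a parameter so you can adjust it); the script name Find-Superfish.ps1 is made up for the usage call. It lists any matching certificate in the machine-wide and per-user Trusted Root stores and only deletes them when you pass -Remove.

```powershell
# Find-Superfish.ps1 (assumed file name): report, and optionally remove, any
# Trusted Root Certification Authorities entry naming Superfish. Run it as
#   .\Find-Superfish.ps1               # report only
#   .\Find-Superfish.ps1 -Remove -WhatIf   # show what would be deleted
#   .\Find-Superfish.ps1 -Remove       # delete (elevated session for LocalMachine)
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove,
    # Assumption: the vendor name is in the Subject/Issuer, as the article
    # describes for the certmgr.msc listing.
    [string]$Pattern = 'Superfish'
)

# Check both root stores: a certificate in either one is trusted by the
# browser for that user, so checking only one of them can miss the entry.
$stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $Pattern -or $_.Issuer -match $Pattern } |
        Select-Object @{ n = 'Store'; e = { $store } }, Subject, Issuer, Thumbprint, NotAfter
}

if (-not $found) {
    Write-Output "No certificate matching '$Pattern' in the Trusted Root stores."
    return
}

# Report first; the thumbprint lets you confirm the same entry in certmgr.msc.
$found | Format-Table -AutoSize

if ($Remove) {
    foreach ($cert in $found) {
        # The certificate provider addresses each entry by its thumbprint.
        $path = Join-Path -Path $cert.Store -ChildPath $cert.Thumbprint
        if ($PSCmdlet.ShouldProcess($path, 'Remove root certificate')) {
            Remove-Item -Path $path
        }
    }
}
```

This covers only the Windows certificate stores; Firefox and Thunderbird keep their own stores, which the instructions linked above address separately.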


If you'd like a little more info about the technical (and historical) side of everything, Ars Technica, The Next Web, and Forbes all dig a little deeper.
