Less than a week ago, it has been revealed that Lenovo, renowned and largest computer maker in the world, has been pre-installing adware along with their Windows-based PCs since September 2014 to January 2015.
SuperFish, the malicious adware program, makes Lenovo's PCs particularly vulnerable to cyber attacks. What SuperFish bug does, is fiddle with encryption certificates which use HTTPS protocol, and alter the certificates codes to view ads fished from the web. What adds fuel to the fire, is that HTTPS is designed for safe web browsing where, by design, ads and adware aren't allowed.
But unwanted ads emerging while we browse the Internet isn't the only security risk caused by SuperFish. By messing with encryption certificates, SuperFish leaves Lenovo computers unsecured while their owners use shared WiFi connection in public places. When that connection is not encrypted, it can be easily manipulated with, and, as a result, users can be redirected to dangerous sites instead of those they trust.
But that's not the end of the story.
Few days ago, researchers discovered and then distributed password which makes it possible for virtually anyone to hack into the Lenovo's laptops Internet connection through the certificates changed by SuberFish bug. This allows owners of public WiFi networks to spy and interfere with computers which have SuperFish software installed.
Since the news has been revealed, Lenovo has already released an apology along with removal tool for SuperFish which can be found here. Additionally, Lenovo provided step-by-step SuperFish removal instructions for Windows 8.1.
Unfortunately, with the release of password for the certificate authority of the Superfish, removing the software isn't enough, as the faulty certificated stays intact saved within the browser. What users have to do, is to make sure that the certificate is removed, as this is the only guarantee that their computer is safe from the attacks.
If you aren't sure whether your computer is safe, remember to always connect through secure VPN connection while you use public WiFi networks.
To test whether your computer is infected with SuperFish check out this link. The website will also guide you how through the removal process of the faulty certificate.
Remember that not all Lenovo products had SuperFish bug pre-installed, you can find the official list of laptops which were equipped with the bug here.
If you have difficulties in handling the SuperFish bug situation on your own, or suspect that your computer is in danger of being attacked, do not hesitate to contact our Geeks for complex Viruses, Spyware and Malware Removal for home users, and business owners to ensure that your data and passwords are safe.