Lenovo laptops ship with malware called Superfish

February 23, 2015 Logan Bibby

Lenovo is a popular brand of laptop computers sold in the US. Its lineup runs from low-end consumer models all the way up to high-end business machines. And for the past two years, some models have been coming preinstalled with a nasty piece of malware called Superfish Visual Discovery.

On the surface, Superfish seems quite innocuous. It replaces Google text ads with image-based advertisements in search. Annoying, but harmless in the grand scheme of things.

However, it seems like Superfish can be quite dangerous. The folks at LastPass, a password manager, explained why quite well in a recent blog post:

It was discovered that the Superfish software was installing its own self-signed Root Certificate Authority so that the Superfish software always appears as a trusted party. The Superfish software would have the ability to then intercept supposedly-secure communications to websites via a man-in-the-middle attack. Researchers also confirmed that hackers on the same network, like an open WiFi hotspot at a coffee shop, can exploit Superfish to steal things like your banking login details or to read your emails.

If you have a Lenovo, priority number one is to get Superfish taken off as soon as possible. Thankfully, LastPass has made it easy to detect the vulnerability caused by Superfish by using an image.

If you see an image that says “You are safe!” on that page, then great! You can stop reading now and rest assured you aren’t vulnerable to the attacks described above. However, if you see anything else, you’ll need to remove the program Superfish and the root certificate it installed.

To uninstall Superfish:

  1. Click on the Windows Start button.
  2. Type “Control Panel” in the search box (or, if you’re using Windows 8, just start typing).
  3. Click on the Control Panel program to open it.
  4. Click “Programs and Features”. If you don’t see it, select “Small Icons” from the View By dropdown.
  5. Scroll through and find “Superfish Inc VisualDiscovery”, right-click, and choose “Uninstall.”
  6. You will need administrative access to remove it, so you may have to contact your system administrator for that access.

To remove the root certificates:

  1. Click on the Windows Start button.
  2. Type “certmgr.msc” into the search box (or, if you’re using Windows 8, just start typing). Note: you may need to type the entire program name for it to show as a result.
  3. Click the certmgr program to open it.
  4. You will need administrative access to open the program, so you may have to contact your system administrator for that access.
  5. Click on “Trusted Root Certification Authorities” on the left-hand side.
  6. Double-click on “Certificates” on the right-hand side.
  7. Look for certificates mentioning “Superfish Inc.” under the Issued To, Issued By, or Friendly Name columns; right-click on that certificate, and click “Delete”. Confirm the deletion.
  8. Once you’re finished deleting certificates, close certmgr and restart your browser.
  9. Check back here to ensure you’re safe!
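
Both manual checks above can also be scripted. The PowerShell below is an added example, not part of the original post or of LastPass's checker; the function names and the substring match on "Superfish" are assumptions taken from the steps above, and it assumes PowerShell 3.0 or later in an elevated session.

```powershell
# Added example: audit a machine for the Superfish program entry and root certificate.

function Find-SuperfishProgram {
    # Programs and Features is populated from these Uninstall registry keys.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Superfish*' } |
        Select-Object DisplayName, DisplayVersion, Publisher, UninstallString
}

function Find-SuperfishRootCert {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [string]$Pattern = 'Superfish',   # assumption: case-insensitive substring
        [switch]$Remove                   # without this switch the function only reports
    )
    # Check the machine-wide and per-user Trusted Root stores.
    foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
        # Same rule as step 7: Issued To (Subject), Issued By (Issuer), Friendly Name.
        $hits = Get-ChildItem -Path $store | Where-Object {
            $_.Subject      -like "*$Pattern*" -or
            $_.Issuer       -like "*$Pattern*" -or
            $_.FriendlyName -like "*$Pattern*"
        }
        foreach ($cert in $hits) {
            $removed = $false
            # ShouldProcess prompts before each deletion and honours -WhatIf.
            if ($Remove -and $PSCmdlet.ShouldProcess($cert.Subject, "Delete from $store")) {
                Remove-Item -LiteralPath $cert.PSPath
                $removed = $true
            }
            [pscustomobject]@{
                Store      = $store
                Subject    = $cert.Subject
                Issuer     = $cert.Issuer
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
                Removed    = $removed
            }
        }
    }
}

Find-SuperfishProgram            # report only
Find-SuperfishRootCert           # report only; add -Remove to delete after reviewing
```

Run it once without `-Remove` to review the matches, then again with `-Remove` (or `-Remove -WhatIf` for a dry run); an empty result from both functions means neither the program entry nor a matching root certificate was found.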

If you need any assistance, our Consumer Services folks will be happy to help! Fill out the form below to get a call or e-mail back from our staff.