After Edward Snowden documents leaks, people came to know that NSA have installed its backdoor in numbers of companies products and it also trace all the calls and data of the users. Leaks documents reveal many organisation and companies names which installed NSA backdoor in its products.
Now a report claims that Lenovo has been installing adware on its new consumers computers. On the Lenovo forums, a user claims that Lenovo computers come with pre-installed Adware called "SuperFish". The software injects third-party ads on Google searches and websites without the user’s permission.
A Lenovo community administrator, Mark Hopkins, wrote in late January that the software would be temporarily removed from current systems after irate users complained of popups and other unwanted behaviour:
Now a report claims that Lenovo has been installing adware on its new consumers computers. On the Lenovo forums, a user claims that Lenovo computers come with pre-installed Adware called "SuperFish". The software injects third-party ads on Google searches and websites without the user’s permission.
We have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues. As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues.Superfish appears to affect Internet Explorer and Google Chrome on these Lenovo computers.
Moreover, another users report that the Superfish adware actually install its own signed certificate authority which effectively allows the software to snoop on secure connections, like banking websites as pictured in action below.
Threats for MITM Attack
Installing the Self-signed certificates is malicious activity, commonly called as Man-in-the Middle Attack (MITM). These certificates allow the software to decrypt secure request made by the browsers. It also snoops the request made by the users from browsers to the web server.
Many of the antivirus have reported the Superfish as an adware and recommended to remove it. You can also check the video tutorials for manual removing of the adware application.
The date of the post on the Lenovo forum is of last yeat 2014, so if this claim is true, then you can imagine that how much these adware has been shipped.