What is Superfish? | Lenovo apologizes for preinstalled man-in-the-middle attack software in Lenovo notebooks, ultrabooks and desktops | How to remove Superfish | Removal tool


What is Superfish?

Superfish is MITM software that Lenovo has admitted to pre-installing on many of its laptops to “enhance the shopping experience” of its users, and for which it has apologized on its official website (see below). However, the U.S. Computer Emergency Readiness Team calls Superfish “Man-in-the-Middle” attack (MITMA) software because of how it intercepts users' web traffic to provide targeted advertisements.

What is a “Man-in-the-Middle” attack (MITMA)?

The man-in-the-middle attack (also known as MITM, MitM, MIM, MiM or MITMA) requires an attacker to have the ability to both monitor and alter or inject messages into a communication channel. One example is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all relevant messages passing between the two victims and inject new ones. This is straightforward in many circumstances; for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point can insert himself as a man-in-the-middle.

As an attack that aims at circumventing mutual authentication, or lack thereof, a man-in-the-middle attack can succeed only when the attacker can impersonate each endpoint to their satisfaction as expected from the legitimate other end. Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, TLS can authenticate one or both parties using a mutually trusted certification authority.

Is Superfish a virus or malware? Is it so dangerous?

Superfish snoops on your web browsing and secretly slips ads into webpages. But the really dangerous part is that it comes pre-installed with a root certificate authority, which allows it to impersonate any server’s security certificate.

 

If this certificate is compromised by hackers, you could be tricked into logging in to a fake website and giving hackers your password. Because of Superfish, any of your accounts—including encrypted bank accounts—could be easily compromised.

Which computers are affected?

According to Lenovo, Superfish may have been pre-installed on the following models:

E Series: E10-30
G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45, G40-80
S Series: S310, S410, S40-70, S415, S415Touch, S435, S20-30, S20-30Touch
U Series: U330P, U430P, U330Touch, U430Touch, U530Touch
Y Series: Y430P, Y40-70, Y50-70, Y40-80, Y70-70
Z Series: Z40-75, Z50-75, Z40-70, Z50-70, Z70-80
Edge Series: Edge 15
Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 Pro, Flex 10
MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11, MIIX 3 1030
YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11, YOGA3 Pro

Lenovo apologizes for this pre-installed software:

Source: Lenovo Official Website

Will restoring from a backup help?

Superfish has been pre-installed by Lenovo. Therefore, restoring your computer to factory condition from either a backup partition or a backup DVD will not solve the problem if Superfish is also part of your backup. Superfish would only be reinstalled, too.

So if you ever use a backup to restore your system, you may need to again remove Superfish and its root security certificate from your system.


How to remove Superfish now?

How to remove Superfish and its certificate from Lenovo machines or any browser?

To remove the Superfish program and its certificate from your computer, please use this free tool from Lenovo:

 

This tool will also remove any Superfish certificates from Mozilla Firefox and Thunderbird.

How to remove Superfish manually from your system?

Step 1: On Windows 8.1, open Search.


Step 2: Search for “remove programs” and select “Add or remove programs”.


Step 3. In the list of installed items, locate “Superfish Inc. VisualDiscovery”.

Note: If you do not find an item with the name “Superfish Inc. VisualDiscovery”, you do not have the application installed. However, you should still continue on to “B) Instructions to determine if you have the SuperFish Certificate installed and how to remove it”.

Step 4:  Select “Uninstall”.  The uninstall will take several seconds.  When the uninstall completes, it will automatically be removed from the list of installed programs.


Step 5: After confirming the removal of the application, please follow the steps for “How to remove the SuperFish certificate”.

B) Instructions to determine if you have the SuperFish Certificate installed and how to remove it:

After uninstalling the SuperFish application, the certificate may still remain.  It is very important to delete the certificate even though the application itself has been removed.

Note: These instructions will remove the certificate from the following browsers:

– Internet Explorer
– Google Chrome
– Opera
– Safari
– Maxthon
– Any other browser that utilizes the Windows Certificate store.

 

Step 1: On Windows 8.1, Open Search


Step 2: Search for “Certificate”.  Select “Manage computer certificates”.


Step 3: When prompted by Windows, “Do you want to allow this program to make changes to this computer?”, select ‘Yes’

Step 4: The certificate manager window should appear.  On the left hand panel, select “Trusted Root Certificate Authorities” followed by the sub-folder “Certificates”.  On the right panel, find the item with the name “Superfish, Inc.”.

Note: If you do not find an item with the name “SuperFish Inc.”, the certificate is not in the Windows store. You may still need to remove it from Mozilla Firefox and Mozilla Thunderbird if you have them installed. Proceed to “If you have Firefox browser or Thunderbird Email Client installed you must also perform the following for each individually”.


Step 5. Right click on the item labeled “Superfish, Inc.” and select ‘Delete’.  On touch systems, you may select the red ‘X’ in top toolbar.

Step 6. When prompted by Windows to confirm the deletion, select ‘Yes’.  The certificate should now be removed.

Step 7. Restart your device.
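
The checks in sections A and B above, and the re-check needed after restoring from a backup, can also be scripted. The PowerShell below is an added example, not Lenovo's removal tool and not part of the original page; it assumes the program and the certificate can be recognized by the text "Superfish" in their names, and the -Remove switch is a name chosen here.

```powershell
# Added example: audit Windows for the Superfish application and root certificate.
# Matching is by name text only (assumption), as in the manual steps on this page.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove   # hypothetical switch: delete matching certificates, not only report
)

$pattern = '*Superfish*'

# 1. Is the application still listed under "Add or remove programs"?
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$apps = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $pattern -or $_.Publisher -like $pattern }

# 2. Is the certificate in a trusted root store (machine-wide or current user)?
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
$certs = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -like $pattern -or $_.Issuer -like $pattern } |
        Select-Object @{ n = 'Store'; e = { $store } }, Subject, Thumbprint, NotAfter, PSPath
}

if ($apps)  { $apps | Format-Table DisplayName, Publisher, DisplayVersion -AutoSize }
else        { Write-Output 'Application: no matching entry in the uninstall list.' }

if ($certs) { $certs | Format-Table Store, Subject, Thumbprint, NotAfter -AutoSize }
else        { Write-Output 'Certificate: no matching entry in the Windows root stores.' }

# 3. Optional removal (run from an elevated prompt for the machine store).
#    Adding -WhatIf lists what would be deleted without deleting anything.
if ($Remove) {
    foreach ($c in $certs) {
        if ($PSCmdlet.ShouldProcess($c.Subject, "Remove from $($c.Store)")) {
            Remove-Item -LiteralPath $c.PSPath
        }
    }
}
```

This covers only the Windows certificate store; Firefox and Thunderbird keep their own certificate lists and still need the steps that follow.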

If you have Firefox browser or Thunderbird Email Client installed you must also perform the following for each individually:

Step 1. Open Firefox browser and press either the orange Firefox button or the Settings button.

Step 2. Select Options from the menu

Step 3. Select Advanced from the Options window


 

Step 4. Next, select the Certificates tab, then press the View Certificates button


Step 5. On the Certificate Manager window, select the Authorities tab, then scroll through the list to find and select the SuperFish, Inc. certificate. Then press the Delete or Distrust … button.


Step 6. In the Delete or Distrust CA Certificates window, select the Superfish, Inc. entry. Then click on OK on all open windows to accept the changes.


Step 7. Restart your device.

Reminder: If you have Thunderbird and Firefox you may have to repeat these steps for each application.

 
