Lenovo notebook pre-loaded with malware, and see if you got infected

note: hunting cloud, the media found that the recent purchase of lenovo’s consumer laptop implanted into a named “Superfish” advertising application, then the official temporarily removed from the pre-installed software list, then provides the specialized documents guiding users to uninstall software.

the following content from next assigned

lenovo consumer laptop to be implanted with a man named “Superfish” advertising application. This unsolicited advertising program will activate the new for the first time in the user to buy lenovo computers installed automatically, and to be hijacked by an intermediary SSL links, in the case of without the consent of the user at the same time affect the IE and Chrome browser on the search engines such as Google search results.

it is understood that a named Mark Hopkins (Mark Hopkins) association of online community manager has said in late January, due to the received more and more users complain that the software has been temporarily removed from the pre-installed software list.

“we have temporarily removed from lenovo’s consumer equipment system Superfish, until the issue is resolved. For those who have sold a lenovo consumer equipment, we have asked Superfish to launch an update to solve this problem.” Hopkins wrote in lenovo BBS.

meanwhile, Hopkins argues that this app can help users find and found the products, and you can image analysis was carried out on the shopping in the search engines, search to find a lower price. And, of course, the user can also at the time of first to use a computer by refusing to Superfish user terms to ban this software enabled.

in the reported there is installed on the user’s computer security vulnerabilities adware, lenovo later issued a detailed guide to remove the software.

lenovo provide a PDF file, guiding users to uninstall Superfish software and remove the relevant security certificate. The guide easy to understand, users only need to spend a few minutes to complete.

in September 2014 to December, the production of the following types of computer with the ads software:

G series: G410 G510, G710, G40-70, G50-70, G40-30, G50-30, 45, G40 – G50-45

U series: U330P U430P, U330Touch, U430Touch, U530Touch

Y series: Y430P Y50, Y40-70-70

Z series: Z40-75, z50’s – 75, Z40-70, z50’s – 70

S series: S310 S410, S40-70, S415, S415Touch, S20-30, S20-30 touch

Flex series: Flex2 14 d, 15 d, Flex2 Flex2 14, 15, Flex2 Flex2 14 (BTM), Flex2 15 (BTM), Flex 10

MIIX series: MIIX2-8, MIIX2-10, MIIX2-11

YOGA series: YOGA2Pro – 13, YOGA2-13, BTM YOGA2 11 YOGA2-11 HSW

E series: E10-30

at the same time, lenovo ongoing crisis public relations, reduce the influence of the incident. Peter Hortensius, chief technology officer (Peter Hortensius) accepted an interview with the Wall Street journal and bloomberg, but he avoided talking about serious problems Superfish root certificate authority.

hortensius said security analysts are dealing with “theoretical problem”, “we didn’t find any malicious behavior.” However, security analysts think the software make lenovo users are exposed to considerable potential safety hazard.

the electronic frontier foundation said in its official website published the article “lenovo not only advertising is injected in a very unfair way, and brought considerable potential safety hazard to the user.”

lenovo are writing can completely remove Superfish software, will be announced in the near future. Hortensius admitted in an interview with bloomberg lenovo “made a mistake, our engineer failed to notice the problem. We will not escape from a problem – we will solve this problem.”