Lenovo malware superfish

  • 20 February 2015
  • 7 replies
  • 68 views

Userlevel 3
Badge +5
Thanks to the thread "Lenovo Ships Computers with adware..." I was able to remove the malware badfish loaded on my Lenovo laptop by the manufacturer. Does anybody know if WSA would have blocked this malware on its own without me manually uninstalling the software and certificate?

Userlevel 7
Badge +56
We do block it as malware - although if you bought the computer with it pre-installed then the certificate might still have stayed.  I'll have to check on that one.
Userlevel 3
Badge +5
Thanks for the help. I did buy it with the software preinstalled, but I removed the software and certificate according to the instructions provided in the thread in the security news board. I was just curious about whether WSA could block the threat without the manual removal.
Userlevel 7
In fact, from what I have just read:

"Reacting to complaints, Lenovo has said that it has disabled Superfish and will provide customers with a tool that could permanently remove Superfish malware from the Windows PC. The company also backed Superfish saying that it is not an adware, but is designed to display targeted ads by analysing images of products that a user might see on the web." Source: TheWindowsClub.
 
In my opinion the last sentence is not going to win Lenovo any new friends...LOL.
 
Badge +13
I have WRSA Complete installed on a Lenovo, although not a model reportedly affected (???). Wondering whether WRSA would detect this rootkit if it were already installed. Thanks.
Userlevel 7
It's not a rootkit. As said above, we remove the program, but the cert will have to be manually removed. Lenovo have released a tool to remove it.
Badge +13
Hello, Rakanisheu...
I thought this malware is installed at the BIOS level, and that it loads before the Windows main OS does, giving it a capability to modify the OS, or otherwise operate without detection. Isn’t that what a rootkit does? Thanks. -- Donald
Userlevel 7
No, it's a combination of a root certificate and a toolbar; the combination can potentially allow a man-in-the-middle attack. BIOS malware is extremely rare and, realistically speaking, your average user will never encounter it.
