We found out on on Feb 19th that Lenovo has, for some time, been pre-installing the Superfish malware infection on many of their laptops that we buy in retail stores and online. This infection is a “man in the middle” attack, and is pretty serious.
Superfish can and does intercept what you read and type on websites, even on encrypted websites. Lenovo’s intent was to insert ads for Lenovo partners onto websites that would otherwise not have them. On it’s face this sounds annoying but not serious, but in fact what does make this so dangerous is that it breaks SSL encrypted connections, and inserts ads on encrypted websites you visit too. This is possible because Superfish uses its own CA security certificate in place of the security certificate used by legitimate encrypted websites.
If you own a Lenovo laptop you should check immediately with this tool to see if you are infected. If you are, follow these steps for removing the infection, or better yet backup your data and reinstall Windows from a trusted, known source, not from your Lenovo recovery image or DVD. Please contact me if you need help. Lenovo has published a list of affected laptops, but I’m not including that list here because, in my opinion, all Lenovo laptops are suspect and need to be checked.
Read more from Kaspersky Labs: