As a matter of fact, consumer PCs manufactured by said vendor had the potentially unwanted program pre-installed on them between September 2014 and January 2015. Given the growing popularity of Lenovo products, one can imagine the attack surface and the number of infected machines. Even though serious efforts have been made since then to eradicate the bug, some computers are reportedly still sold with the bloatware on them.
So, what does this story have to do with cybersecurity concerns? It turns out Superfish isn’t run-of-the-mill adware. In order to display advertisements to users, which is the standard modus operandi for these digital pests, it messes with the “sanctum” of secure Internet browsing – digital certificates. There is a CA (Certificate Authority) registered by Superfish Inc., and the respective rogue certificate gets automatically added to the Trusted Root Certification Authorities on the machine. Because of this, whenever the user goes to SSL-protected websites, the web traffic gets compromised and modified so that sponsored links by Superfish are shown to victims on those pages.
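A check for the root certificate described above, as an added example that is not part of the original post: it lists entries in the Windows Trusted Root Certification Authorities stores whose subject or issuer names Superfish. The function name `Find-RootCertificate` is hypothetical, and matching on the string "Superfish" is an assumption based on the vendor name given in the article.

```powershell
# Added example: audit the Windows root stores for a CA whose subject or
# issuer contains a given name. The default pattern is an assumption taken
# from the vendor name in the article; change it if the entry is named differently.
function Find-RootCertificate {
    [CmdletBinding()]
    param(
        [string]$Pattern = 'Superfish',
        [string[]]$Store = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )
    # Treat the pattern as literal text, not as a regular expression.
    $needle = [regex]::Escape($Pattern)
    foreach ($path in $Store) {
        if (-not (Test-Path -Path $path)) {
            Write-Warning "Store not found: $path"
            continue
        }
        Get-ChildItem -Path $path |
            Where-Object { $_.Subject -match $needle -or $_.Issuer -match $needle } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $path
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    NotAfter      = $_.NotAfter
                    # A root CA is self-signed: subject and issuer are identical.
                    SelfSigned    = ($_.Subject -eq $_.Issuer)
                    HasPrivateKey = $_.HasPrivateKey
                }
            }
    }
}

# Report every match from both the machine-wide and the per-user store.
$hits = @(Find-RootCertificate)
if ($hits.Count -gt 0) {
    $hits | Format-List
    Write-Warning "$($hits.Count) matching root certificate(s) found; review and remove them from the trust store."
} else {
    Write-Output 'No root certificate matching the pattern was found.'
}
```

This covers only the Windows certificate stores; applications that keep their own trust store have to be checked separately.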
It doesn't take a rocket scientist to spot this infection on a PC. Its ads, which often appear embedded in Google search results, have certain common attributes, namely the phrases “Visual Search results” and “Powered by VisualDiscovery”. By the way, the officially declared leitmotif of this app isn't bad – it provides the feature of online image search. However, the way this objective is implemented makes the app adware in its pure form.