However, the U.S. Computer Emergency Readiness Team calls Superfish a “man-in-the-middle attack” because of how it “intercepts users’ web traffic to provide targeted advertisements.”
Why is Superfish so dangerous?
Superfish snoops in on your web browsing and secretly slips ads into webpages. But the really dangerous part is that it’s pre-installed with root certificate authority, which allows it to impersonate any server’s security certificate.
If this certificate is compromised by hackers, you could be tricked into logging in to a fake website and giving hackers your password. Because of Superfish, any of your accounts—including encrypted bank accounts—could be easily compromised.
Which computers are affected?
According to Lenovo, Superfish may have been pre-installed on the following models:
laptop
E Series:
E10-30
G Series:
G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45, G40-80
S Series:
S310, S410, S40-70, S415, S415Touch, S435, S20-30, S20-30Touch
U Series:
U330P, U430P, U330Touch, U430Touch, U530Touch
Y Series:
Y430P, Y40-70, Y50-70, Y40-80, Y70-70
Z Series:
Z40-75, Z50-75, Z40-70, Z50-70, Z70-80
Edge Series:
Edge 15
Flex Series:
Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 Pro, Flex 10
MIIX Series:
MIIX2-8, MIIX2-10, MIIX2-11, MIIX 3 1030
YOGA Series:
YOGA2Pro-13, YOGA2-13, YOGA2-11, YOGA3 Pro
Source: Lenovo
Will restoring from a backup help?
Superfish has been pre-installed by Lenovo. Therefore, restoring your computer to factory condition from either a backup partition or a backup DVD will not solve the problem if Superfish is also part of your backup. Superfish would only be reinstalled, too.
So if you ever use a backup to restore your system, you may need to again remove Superfish and its root security certificate from your system.
Remove Superfish now
To remove the Superfish program and its certificate from your computer, please use this free tool from Lenovo:
DOWNLOAD Superfish Removal Tool:
https://www.us-cert.gov/ncas/alerts/TA15-051A
This tool will also remove any Superfish certificates from Mozilla Firefox® and Thunderbird®.
If you have purchased a Lenovo computer from itconnexion, Superfish will be removed (if it is detected) on the next patch management service. This service is free-of-charge if you are a client of itconnexion. For more information contact our friendly team of experts or send us an email at [email protected].