Superfish is a widespread problem online, not just Lenovo – report

23 Feb 2015

Image via Erik/Flickr

The adware known as Superfish, which dunked computer maker Lenovo in hot water last week, is much more widespread online and often disguised in games, search assists and parental control software.

Last week, Lenovo had been found to be installing Superfish into its computers before they left the factory towards the end of last year. The company has since halted the installation of Superfish, at least for the time being.

The adware worked in such a way that those who bought the Superfish-affected laptops would see search results promoted by third-party companies that would not be sanctioned by the search engine in a much-criticised practice that’s not just annoying, but also leaves that person’s computer open to ‘man-in-the-middle’ attacks because it exploits a browser’s encryption software.

Now, however, it’s not just Lenovo computers that are under threat. The Guardian reported anyone who has dealt with Komodia, a company that has been flogging its SSL hijacking software, marketed as SSL Decoder, is under threat, too.

Independent security researcher Marc Rogers has been analysing Komodia’s software prevalence on the internet and found it is widespread across the internet, including in software designed to cloak IP addresses, corporate security software, and even monitoring software used by parents.

Superfish latches on to Chrome

In all cases, the certificates leave computers vulnerable to attack from malicious parties as its poor encryption abilities will leave the user vulnerable to infiltration on websites that badly need encryption, such as bank websites.

“It means that anyone who has come into contact with a Komodia product, or who has had some sort of parental control software installed on their computer should probably check to see if they are affected,” wrote Rogers on his blog page.

In its own independent research, Facebook’s threat researcher Matt Richard analysed the prevalence of the adware across the different Windows versions of the most popular online browsers. He found 70pc of those affected were Chrome users, 27pc were using Internet Explorer, and 3pc were using Opera with Firefox remaining unaffected due to their own SSL encryption.

One web developer has created a security-experts recommended online test that checks whether a user’s computer is infected with Superfish.

Colm Gorey was a senior journalist with Silicon Republic

editorial@siliconrepublic.com