HomeSecurity

Superfish

Forrest Stroud
Forrest Stroud
Updated on:

Superfish is a form of adware that has the ability to hijack encrypted Web sessions and open a system up to potential HTTPS man-in-the-middle (MiTM) attacks. Superfish gained widespread attention in early 2015 when it was revealed that the PC manufacturer Lenovo was selling computers that had Superfish adware preinstalled.

Superfish Installed on Lenovo Computers Raised Security Concerns in 2015

Lenovo shipped some consumer notebook models with Superfish preinstalled between October and December 2014, but discontinued the practice after security concerns over the adware components were raised in January 2015.

Lenovo initially claimed that the Superfish adware presented no security risks, but the company changed its stance on February 20th, when it issued a security advisory and labeled the Superfish adware as a security vulnerability that carried the potential impact of launching a man-in-the-middle attack. On the same day, Lenovo released an automated tool to remove all Superfish components on its computers.

Superfish has since raised a variety of security concerns for the adware primarily revolving around the use a self-signed root certificate that could potentially enable Superfish to intercept otherwise secure communications and gain access to a user’s Web traffic, login credentials, credit card details and other sensitive information.

Superfish and Comodia Elicit Security Alert from US-CERT

Komodia’s technology has also been identified as a Trojan horse by some security vendors, with Symantec labeling the malware as “Trojan.Nurjax.” And the U.S. Computer Emergency Readiness Team (US-CERT) issued an alert on February 20th, 2015 that exposed Superfish for being a risk beyond just in Lenovo notebooks.

The US-Cert named Komodia, the firm behind creating the Superfish adware, and revealed the firm’s SSL Digestor technology as being present on other applications and carrying the same associated risks on these apps.

According to the alert, “An attacker can spoof HTTPS sites and intercept HTTPS traffic without triggering browser certificate warnings in affected systems.” The US-CERT recommends uninstalling any software with Komodia’s SSL Digestor as the only effective solution for avoiding the risks associated with Superfish.

Forrest Stroud
Forrest Stroud
Forrest is a writer for Webopedia. Experienced, entrepreneurial, and well-rounded, he has 15+ years covering technology, business software, website design, programming, and more.

Related Articles

@ Sign

Networking Webopedia Staff - 0
Pronounced at sign or simply as at, this symbol is used in e-mail addressing to separate the user' name from the user's domain name,...

Munging

Productivity Vangie Beal - 0
(MUHN-jing) Munging (address munging), is the act of altering an email address posted on a Web page to make it unreadable to bots and...

How to Create an RSS Feed

Development Vangie Beal - 0
In the second installment of RSS how-to, we look at some of the nonrequired (optional) channel and item tags, discuss RSS specifications in-depth and...

Dictionary Attack

Productivity Vangie Beal - 0
(n.) (1) A method used to break security systems, specifically password-based security systems, in which the attacker systematically tests all possible passwords beginning with...

Related Articles

Definitions

ScalaHosting

ScalaHosting is a leading managed hosting provider that offers secure, scalable, and affordable...
Read more
Development

HRIS

Human resources information system (HRIS) solutions help businesses manage multiple facets of their...
Read more
Definitions

Best Managed Service Providers...

In today's business world, managed services are more critical than ever. They can...
Read more

Webopedia is an online information technology and computer science resource for IT professionals, students, and educators. Webopedia focuses on connecting researchers with IT resources that are most helpful for them. Webopedia resources cover technology definitions, educational guides, and software reviews that are accessible to all researchers regardless of technical background.

Advertisers

Advertise with Webopedia and our other IT-focused platforms.

Advertise with Us

Menu

Property of Find.co
© 2023 Webopedia. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which Webopedia receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. Webopedia does not include all companies or all types of products available in the marketplace.