Superfish

Superfish is a form of adware that has the ability to hijack encrypted Web sessions and open a system up to potential HTTPS man-in-the-middle (MiTM) attacks. Superfish gained widespread attention in early 2015 when it was revealed that the PC manufacturer Lenovo was selling computers that had Superfish adware preinstalled.

Superfish Installed on Lenovo Computers Raised Security Concerns in 2015

Lenovo shipped some consumer notebook models with Superfish preinstalled between October and December 2014, but discontinued the practice after security concerns over the adware components were raised in January 2015.

Lenovo initially claimed that the Superfish adware presented no security risks, but the company changed its stance on February 20th, when it issued a security advisory and labeled the Superfish adware as a security vulnerability that carried the potential impact of launching a man-in-the-middle attack. On the same day, Lenovo released an automated tool to remove all Superfish components on its computers.

Superfish has since raised a variety of security concerns for the adware primarily revolving around the use a self-signed root certificate that could potentially enable Superfish to intercept otherwise secure communications and gain access to a user’s Web traffic, login credentials, credit card details and other sensitive information.

Superfish and Comodia Elicit Security Alert from US-CERT

Komodia’s technology has also been identified as a Trojan horse by some security vendors, with Symantec labeling the malware as “Trojan.Nurjax.” And the U.S. Computer Emergency Readiness Team (US-CERT) issued an alert on February 20th, 2015 that exposed Superfish for being a risk beyond just in Lenovo notebooks.

The US-Cert named Komodia, the firm behind creating the Superfish adware, and revealed the firm’s SSL Digestor technology as being present on other applications and carrying the same associated risks on these apps.

According to the alert, “An attacker can spoof HTTPS sites and intercept HTTPS traffic without triggering browser certificate warnings in affected systems.” The US-CERT recommends uninstalling any software with Komodia’s SSL Digestor as the only effective solution for avoiding the risks associated with Superfish.

Forrest Stroud
Forrest is an experienced, entrepreneurial and well-rounded professional with 15+ years covering technology, business software, website design, programming and more.

Top Articles

The Complete List of 1500+ Common Text Abbreviations & Acronyms

From A3 to ZZZ we list 1,559 SMS, online chat, and text abbreviations to help you translate and understand today's texting lingo. Includes Top...

Windows Operating System History & Versions

The Windows operating system (Windows OS) refers to a family of operating systems developed by Microsoft Corporation. We look at the history of Windows...

How to Create a Website Shortcut on Your Desktop

Website Shortcut on Your Desktop reviewed by Web Webster   This Webopedia guide will show you how to create a website shortcut on your desktop using...

Generations of Computers (1st to 5th)

Reviewed by Web Webster Learn about each of the 5 generations of computers and major technology developments that have led to the computing devices that...

Blockchain

Blockchain is one of the core technologies behind cryptocurrency. Blockchain is a system...

Cached Data

Cached data is designed to improve the user experience when browsing the internet...

CCTV (Closed-Circuit Television)

A CCTV or closed-circuit television is a system of interconnected cameras that capture...