By Forrest Stroud
Superfish is a form of adware that has the ability to hijack encrypted
Web sessions and open a system up to potential HTTPS man-in-the-middle
(MiTM) attacks. Superfish gained widespread attention in early 2015
when it was revealed that the PC manufacturer Lenovo was selling
computers that had Superfish adware preinstalled.
Superfish Installed on Lenovo Computers Raised Security Concerns in 2015
Lenovo shipped some consumer notebook models with Superfish
preinstalled between October and December 2014, but discontinued the
practice after security concerns over the adware components were raised
in January 2015.
Lenovo initially claimed that the Superfish adware presented no
security risks, but the company changed its stance on February 20th,
when it issued a security advisory and labeled the Superfish adware a
security vulnerability with the potential impact of enabling a
man-in-the-middle attack. On the same day, Lenovo released an automated
tool to remove all Superfish components from its computers.
Superfish has since raised a variety of security concerns, primarily
revolving around its use of a self-signed root certificate that could
potentially enable Superfish to intercept otherwise secure
communications and gain access to a user's Web traffic, login
credentials, credit card details and other sensitive information.
Superfish and Komodia Elicit Security Alert from US-CERT
Komodia's technology has also been identified as a Trojan horse by some
security vendors, with Symantec labeling the malware as
"Trojan.Nurjax." The U.S. Computer Emergency Readiness Team (US-CERT)
issued an alert on February 20th, 2015 that exposed Superfish as a risk
beyond Lenovo notebooks. US-CERT named Komodia, the firm behind the
creation of the Superfish adware, and revealed that the firm's SSL
Digestor technology is present in other applications and carries the
same associated risks in those apps.
According to the alert, "An attacker can spoof HTTPS sites and
intercept HTTPS traffic without triggering browser certificate warnings
in affected systems." The US-CERT recommends uninstalling any software
with Komodia's SSL Digestor as the only effective solution for avoiding
the risks associated with Superfish.