{
	"id": "26a063fe-2fa8-4956-9403-8c061df4e2bc",
	"created_at": "2026-04-06T00:13:40.156301Z",
	"updated_at": "2026-04-10T13:13:00.899399Z",
	"deleted_at": null,
	"sha1_hash": "3ab49d163c729387fb202fd3632dfca5a8fdb0a8",
	"title": "Superfish: Adware Preinstalled on Lenovo Laptops",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 175124,
	"plain_text": "Superfish: Adware Preinstalled on Lenovo Laptops\r\nBy Onuma\r\nPublished: 2015-02-24 · Archived: 2026-04-05 14:42:51 UTC\r\nOn February 19th of 2015, it became known that Lenovo’s laptops had been shipped with an adware called\r\nSuperfish preinstalled. There are two major problems with this issue.\r\nThe first one being that the hardware maker had been shipping consumer laptops with an adware preinstalled for\r\nseveral months — starting in September 2014 up until February 2015.\r\nAnother problem is related to how Superfish behaves. Its ability to produce self-signed certificates possibly allows\r\na malicious third person to intercept SSL/TLS connections or, to put it simply, web browser sessions to “https”\r\nlinks.\r\nNow, let’s take a closer look at the latter problem by watching actual behavior of Superfish.\r\nBelow is a screenshot of an online banking website, accessed via Internet Explorer, from a clean PC without the\r\nadware. Clicking on the lock icon, it shows the information of the SSL certificate:\r\nFig 1. Accessing online banking site from a clean laptop\r\nThe SSL certificate is issued by Certificate Authority (CA) to ensure the ownership of the website. In this case,\r\nVeriSign is the certificate issuer who guarantees the identity of “Japan xxxx BANK Co,Ltd.” The certificate is\r\nhttps://www.kaspersky.com/blog/lenovo-pc-with-adware-superfish-preinstalled/7712/\r\nPage 1 of 3\n\nalso used to encrypt a user ID or a password on an encrypted session. Safety of a connection is guaranteed in this\r\nway.\r\nThe next screenshot is of the same website. But this time it is accessed via Internet Explorer from a Superfish-infected PC. Its SSL certificate now shows “Superfish” as its issuer instead of “VeriSign.”\r\nFig 2. Accessing online banking site from an infected laptop\r\nWhat is the cause of this change? Superfish has its own CA on its software. This makes it possible to hijack a\r\nuser’s web session, generate a self-signed certificate and establish an SSL connection using it. Unfortunately, web\r\nbrowsers treat the Superfish-generated certificate as legitimate. So, the CA is now Superfish, not VeriSign.\r\nIn addition, a private key for generating a certificate is included in the software and available to anyone who wants\r\nit. The password of the key has also been revealed on the Internet. With the key-password pair, someone with\r\nmalicious intent could possibly intercept the data transmitted through the encrypted connection, or inject\r\nmalicious code in it. The worst possible scenario in this case is data theft from a web session with an online\r\nbanking site.\r\nUsers of Lenovo laptops with Superfish are strongly encouraged to delete both a software named “Superfish Inc.\r\nVisual Discovery” (from Windows Control Panel) and Superfish’s certificate (from the list of Trusted Root\r\nCertification Authorities).\r\n#Lenovo laptop users with #Superfish are strongly encouraged to delete both the #adware AND\r\ncertificate\r\nhttps://www.kaspersky.com/blog/lenovo-pc-with-adware-superfish-preinstalled/7712/\r\nPage 2 of 3\n\nTweet\r\nKaspersky products can help you indentify if your laptop is affected. Our product detects the adware as Not-a-virus:AdWare.Win32.Superfish.b.\r\nLenovo is offering the Automatic Removal Tool for Superfish in their Security Advisory (LEN-2015-101).\r\nSource: https://www.kaspersky.com/blog/lenovo-pc-with-adware-superfish-preinstalled/7712/\r\nhttps://www.kaspersky.com/blog/lenovo-pc-with-adware-superfish-preinstalled/7712/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.kaspersky.com/blog/lenovo-pc-with-adware-superfish-preinstalled/7712/"
	],
	"report_names": [
		"7712"
	],
	"threat_actors": [],
	"ts_created_at": 1775434420,
	"ts_updated_at": 1775826780,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3ab49d163c729387fb202fd3632dfca5a8fdb0a8.pdf",
		"text": "https://archive.orkl.eu/3ab49d163c729387fb202fd3632dfca5a8fdb0a8.txt",
		"img": "https://archive.orkl.eu/3ab49d163c729387fb202fd3632dfca5a8fdb0a8.jpg"
	}
}