Superfish is a piece of software that Lenovo has admitted to pre-installing on many of its laptops to “enhance the shopping experience” of its users. However, the U.S. Computer Emergency Readiness Team calls Superfish a “man-in-the-middle attack” because of how it “intercepts users’ web traffic to provide targeted advertisements.”
Superfish snoops in on your web browsing and secretly slips ads into webpages. But the really dangerous part is that it’s pre-installed with root certificate authority, which allows it to impersonate any server’s security certificate.
If this certificate is compromised by hackers, you could be tricked into logging in to a fake website and giving hackers your password. Because of Superfish, any of your accounts—including encrypted bank accounts—could be easily compromised.
According to Lenovo, Superfish may have been pre-installed on the following models:
Superfish has been pre-installed by Lenovo. Therefore, restoring your computer to factory condition from either a backup partition or a backup DVD will not solve the problem if Superfish is also part of your backup. Superfish would only be reinstalled, too.
So if you ever use a backup to restore your system, you may need to again remove Superfish and its root security certificate from your system.
To remove the Superfish program and its certificate from your computer, please use this free tool from Lenovo: Download Tool