Superfish Visual Discovery is software that comes pre-installed on Lenovo computers. It serves alternative image-heavy ads in Google search results, but it turns out to be a dangerous piece of adware.
LastPass, the password management software maker, reported that Superfish Visual Discovery was installing its own self-signed root certificate authority in Windows. The program uses an SDK from Komodia to perform SSL man-in-the-middle (MITM) interception. Because Windows then trusts certificates issued by that root, the software gains the power to intercept supposedly secure communications to websites via a man-in-the-middle attack. This opens the way for hackers to steal things like login details, email messages and so on.
“I think that at this point it is safe to assume that any SSL interception product sold by Komodia or based on the Komodia SDK is going to be using the same method,” said Marc Rogers, principal security researcher at CloudFlare.
Komodia shut its website, and the front page carries the message, “Site is offline due to DDOS with the recent media attention. Some people say it’s not DDOS but a high volume of visitors, at the logs it showed thousand of connections from repeating IPs.”
LastPass has created a tool that will instantly identify the infection on the computer. Once the infection is found, the user has to uninstall the Superfish Inc VisualDiscovery program and the related certificates.
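
A manual version of the same check, as an added example that is not LastPass's tool or code from the vendors named above: it looks in the Windows root stores for certificates naming Superfish and in the uninstall registry keys for the VisualDiscovery program. The function names are hypothetical, and matching on the strings `Superfish` and `VisualDiscovery` is an assumption based on the names used in this article.

```powershell
# Added example. Name patterns are assumptions taken from the article's wording.
function Find-RootCertByName {
    param(
        [string]$Name = 'Superfish',
        [string[]]$Stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )
    foreach ($store in $Stores) {
        if (-not (Test-Path $store)) { continue }
        Get-ChildItem -Path $store |
            Where-Object { $_.Subject -like "*$Name*" -or $_.Issuer -like "*$Name*" } |
            ForEach-Object {
                [pscustomobject]@{
                    Store      = $store
                    Subject    = $_.Subject
                    SelfSigned = ($_.Subject -eq $_.Issuer)  # a root CA signs itself
                    Thumbprint = $_.Thumbprint
                    NotAfter   = $_.NotAfter
                }
            }
    }
}

function Find-InstalledProgramByName {
    param([string]$Name = 'VisualDiscovery')
    # Standard per-machine and per-user uninstall keys, including the 32-bit view.
    $keys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like "*$Name*" -or $_.Publisher -like '*Superfish*' } |
        Select-Object DisplayName, Publisher, UninstallString
}

$certs    = @(Find-RootCertByName)
$programs = @(Find-InstalledProgramByName)

if ($certs.Count -eq 0 -and $programs.Count -eq 0) {
    Write-Output 'No matching root certificate or installed program found.'
} else {
    $programs | Format-List   # uninstall the program first
    $certs    | Format-List   # then review and remove each listed certificate
    # Removal is left commented out; run from an elevated prompt after reviewing the hits.
    # $certs | ForEach-Object { Remove-Item -Path (Join-Path $_.Store $_.Thumbprint) }
}
```

This only inspects the Windows certificate stores and uninstall keys; an empty result says nothing about applications that keep their own trust store.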