Lenovo, Superfish Spyware Prompts Class Action Suit

John Lister's picture

PC manufacturer Lenovo may have to defend a class action lawsuit after it reportedly sold notebook computers that contained unwanted adware. The lawsuit follows the revelation that the adware had the potential to spy on users.

The case involves a piece of software called Superfish. It was designed to look at images users were viewing online, identify items, find websites selling the item at a cheap price, and display an offer in a pop-up window. The software came pre-installed on some Lenovo notebook PCs and integrated with multiple browsers.

Superfish came under several different categories. It's been labeled as adware, as it produced advertising and displayed it to users. It's also been labeled as bloatware (or less politely, 'crapware') because it came preinstalled on a computer without the user requesting it.

Superfish Hijacked Secure Connection

While such a practice isn't uncommon, Superfish went a step further. It turns out that the program was able to use bogus Internet security certificates, allowing it to intercept even secure connections. Rather than just produce pop-up windows, Superfish was able to hijack web pages and insert its own advertising on a web page that the user was visiting.

While there's no evidence the organization behind Superfish was stealing any personal data, the bogus Internet security certificates theoretically mean it could grab data sent over a secure connection. It also increases the opportunity for hackers to do the same.

Lenovo stopped pre-installing Superfish last month in response to customer complaints about it affecting usability. It says it was completely unaware of the associated security risk until last Friday. It's now issued a removal tool for users and is passing on details to security software manufacturers to make it easier for them to label Superfish as malicious software. (Source: theregister.co.uk)

Customer Shocked By Risque Ads

That's not enough for one customer, who has filed a lawsuit accusing Lenovo of breaching privacy and wiretap laws by interfering with her web connection. Jessica Bennett, a blog writer, says she was shocked to visit websites belonging to two of her clients and see ads involving scantily-clad women, inserted by Superfish. (Source: mediapost.com)

Bennett is applying for class action status. If granted, anyone meeting certain criteria -- likely Lenovo laptop buyers who had Superfish preinstalled -- could be named a joint plaintiff rather than have to bring their own case, and would share in any damages awarded.

How to Test Your Browser for Superfish Vulnerability

A website dedicated to detecting vulnerability threats like Superfish has been set up. All you need to do is visit the website and wait about 10 seconds while it performs a quick test. A message will appear shortly after the test and notify you if your system is vulnerable.

What's Your Opinion?

Have you come across Superfish on your PC, and if so, what was your experience? Should manufacturers take greater responsibility for the security of software they pre-install?

brendabreslin_4088's picture

I had this on my HP all in one. It infected my PC and allowed another Trojan, P0WELIKS, to almost cripple my machine. MBAM detected it and quarantined it, thank god. According to MBAM it left 4 different instances of problems, registry and files all associated to Superfish.

I'm pretty sure it was also connected to installing an online game player through Wild Tangent games.