Lenovo’s Superfish adware brought under control

By | March 17, 2015

Lenovo’s recently discovered Superfish adware has been removed from about 2,50,000 Windows PCs, according to Microsoft’s malware detection data. The software giant, along with Lenovo and other software makers, brought down the daily number of infected PCs to less than 1,000 within two weeks.


In its blog, Microsoft said that the number of infected PCs was around 60,000 on February 21 and went up further before coming down over the next few days to around 3,000. To battle the Superfish scourge, Microsoft added automated detection of the adware to its real-time protection products, such as Windows Defender and Microsoft Security Essentials. The company said in a blog post that it also shared Superfish detection data with its partners to further expand the Superfish cleanup.

Microsoft did not release a specific count for the number of PCs rid of Superfish. But based on a graph the company published, it appears around 2,50,000 PCs had Superfish removed via the Microsoft-led effort. As of March 4, the number of daily removals was in the hundreds.

[Figure: Superfish removal graph]

The software giant used its Malicious Software Removal Tool (MSRT), which includes a set of ‘fingerprints’ that detect and delete malware. Lenovo released its own Superfish removal tool, McAfee added Superfish removal to its security products, and we also reported on a manual method for removing the adware.

The Superfish adware installed a fake root certificate into the Windows certificate store to place ads on encrypted websites, then re-signed all certificates presented by domains using HTTPS.

Because the browser trusted all the fake certificates generated by Superfish, the adware was effectively conducting a classic ‘man-in-the-middle’ (MITM) attack, able to spy on supposedly secure traffic between a browser and a server. Hackers could then easily crack the weak encryption key and launch their own MITM attacks by tricking Lenovo PC users into connecting to a bugged Wi-Fi hotspot.

Lenovo had issued instructions for manually removing Superfish and its certificate and later introduced an automated tool. Meanwhile, Microsoft also updated its free Windows Defender and Security Essentials antivirus programs to spot and sift out the fake certificate.
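
Since the adware's foothold is a root certificate in the Windows certificate store, that store can be audited directly. The PowerShell below is an added example, not code from Microsoft, Lenovo or this article; the match string `Superfish` and the 2048-bit threshold are assumptions, and it goes slightly beyond the article by also flagging any trusted root with a short RSA key.

```powershell
# Added example: report-only audit of the Windows trusted-root stores.
# Assumption: the adware's root carries "Superfish" in its subject or issuer.
$namePattern = 'Superfish'   # assumed match string, not taken from the article
$minRsaBits  = 2048          # assumed threshold for calling an RSA root key weak

function Get-SuspectRootCertificate {
    param(
        [string[]]$StorePath = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'),
        [string]$Pattern = $namePattern,
        [int]$MinBits = $minRsaBits
    )
    foreach ($path in $StorePath) {
        foreach ($cert in Get-ChildItem -Path $path) {
            # GetRSAPublicKey returns $null for non-RSA (e.g. ECDSA) certificates.
            $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
            $bits = if ($rsa) { $rsa.KeySize } else { $null }

            $reasons = @()
            if ($cert.Subject -match $Pattern -or $cert.Issuer -match $Pattern) {
                $reasons += 'name match'
            }
            if ($bits -and $bits -lt $MinBits) {
                $reasons += "RSA key under $MinBits bits"
            }

            # Emit one record per flagged certificate; nothing is deleted here.
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Store      = $path
                    Subject    = $cert.Subject
                    Thumbprint = $cert.Thumbprint
                    RsaBits    = $bits
                    NotAfter   = $cert.NotAfter
                    Reasons    = $reasons -join '; '
                }
            }
        }
    }
}

Get-SuspectRootCertificate | Format-List
```

A weak-key hit without a name match is only a prompt for review, since older legitimate roots can also carry short RSA keys.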