Lenovo slapped with lawsuit over Superfish adware

Lenovo was on 24 February 2015 sued by unhappy customers over the Superfish adware. The adware apparently makes PCs susceptible to malware attacks.

The class-action suit was filed against Lenovo and Superfish after Lenovo admitted to pre-loading Superfish on some consumer PCs.

The customers sued both companies with fraudulent business practices and of making Lenovo PCs vulnerable to malware and malicious attacks by pre-loading the adware which customers referred to as spyware.  

The issue came to fore in December 2014 when users had expressed concerns about scans of SSL-encrypted web traffic by Superfish Visual Search software pre-installed on Lenovo machines.

This became a major public issue, however, only in February 2015. The installation included a universal self-signed certificate authority; the certificate authority allows a man-in-the-middle attack to introduce ads even on encrypted pages.

About Superfish adware

Superfish Adware is advertising-supported software developed by California-based advertising company Superfish. The company was founded in Israel in 2006.

The adware is based on a visual search engine and it automatically renders advertisements in order to generate revenue for Superfish.

The adware was bundled with various applications by Superfish in 2010 and Lenovo began to bundle the software with some of its computers in September 2014. The adware has been described as malware or adware by several sources.