Computer manufacturer Lenovo has been caught purposefully selling new computers to consumers with preinstalled adware. The hidden adware, dubbed Superfish by researchers, embeds itself in internet browsers to deliver popup advertisements based on search terms.
Users have complained about Superfish on new laptops since last fall, but the adware has only come under fire recently with the discovery of a potentially serious security threat. In addition to serving up targeted marketing, Superfish can circumvent SSL/TLS connections because it is able to self-sign internet security certificates. This vulnerability allows Superfish to conduct a man-in-the-middle (MITM) attack and view the contents of any connection that should be encrypted. As a result, normally safe internet shopping sites and secured private data sites become fair game for an attacker.