views
New Delhi: The recently discovered Lenovo's Superfish adware has been removed from about 2,50,000 Windows PCs according to Microsoft's malware detection data. The software giant, along with Lenovo and other software makers brought down the daily number of infected PCs to less than 1,000 within two weeks.
In its blog, Microsoft said that the number of infected PCs were around 60,000 on February 21, went up further before coming down over the next few days to around 3,000.
Microsoft cleansed about a quarter of a million Lenovo PCs between February 20 and March 4, a ComputerWorld report stated. The software giant used its Malicious Software Removal Tool (MSRT) which includes a set of 'fingerprints' that detect and delete malware.
Microsoft added a fingerprint for Superfish Visual Discovery-an adware that came pre-installed on Lenovo's consumer PCs with the aim of enhancing the user's online shopping experience.
The Superfish adware installed a fake root certificate into the Windows certificate store to place ads on encrypted websites, then re-signed all certificates presented by domains using HTTPS.
As the browser trusted all the fake certificates generated by Superfish, it was effectively conducting a classic 'man-in-the-middle' (MITM) attack able to spy on supposedly secure traffic between a browser and a server. Hackers could then easily crack the weak encryption key and launch their own MITM attacks by tricking Lenovo PC users into connecting to bugged Wi-Fi hotspot.
Lenovo had issued instructions for manually removing Superfish and its certificate and later introduced an automated tool. Meanwhile, Microsoft also updated its free Windows Defender and Security Essentials antivirus programs to spot and sift out the fake certificate.
Comments
0 comment