NYU Wordpress Theme

TA15-051A: Lenovo Superfish Adware Vulnerable to HTTPS Spoofing

Summary:
A piece of pre-installed adware (Superfish) on recently purchased Lenovo consumer PCs can allow an attacker to view normally secured web communications.

What Does This Mean For Me:
This software may expose web mail, banking, and shopping transactions and information, and more, regardless of which web browser (Internet Explorer, Chrome, Firefox, etc) you are using.

Detailed Description:
Adware (software designed to intercept user data for advertising purposes) that was preinstalled by Lenovo, Superfish, is vulnerable to being redirected to a malicious server, used to collect private information. The nature of this vulnerability means that your information is acquired before it is encrypted by your browser, known as a “Man-in-the-Middle” attack. Lenovo itself has “shut off” the data collection on its own servers, but the software remains vulnerable to malicious third parties. This attack bypasses even secured connections (HTTPS). Follow the directions below under the Solution section to remove Superfish and its supporting software.

For more information on this alert and Lenovo’s response, the following CNET article is included for reference:
Lenovo’s Superfish security snafu blows up in its face

Technical Details:
Alert (TA15-051A) Lenovo Superfish Adware Vulnerable to HTTPS Spoofing

Solution:
Remove the Superfish adware and its associated components.

Removal Instructions (Automatic):
1) Download the automatic removal tool from Lenovo, located here:
Superfish Automatic Removal Tool
2) Locate the downloaded file, and run the program.
3) Click “Analyze and Remove Superfish Now.” You will be prompted to close any open browsers. Wait while the program runs.
4) At the conclusion of the scan, the tool will indicate whether or not Superfish was identified on your system, and what action was taken.

Removal Instructions (Manual):
Lenovo has provided a detailed set of instructions for removal here:
Superfish Uninstall Instructions
Alternatively, Naked Security, a cyber-security blog run by the antivirus firm Sophos, has also provided their own removal instructions if you prefer:
How to Get Rid of the Lenovo “Superfish” Adware

*New York University Email Alert [Code: 3141]* phishing scam

There are new reports about a phishing message that purports to come from “New York University Technical Service “ The phishing message claims “Dear User, The following alert has been posted to your webmail account regarding an unauthorized access to your account,” and instructs the recipient to click on a web link. An adjacent URL takes victims to a malicious website that requests, amongst other things, the NetID and password. This message is a forgery and should be deleted immediately.