Emerging Threat - Superfish

March 5, 2015 | Garrett Gross

It’s a given that nobody likes adware loaded on their new systems by the manufacturer, but it is usually no more than a nuisance that can be easily removed. However, when that software includes a major security flaw that makes man-in-the-middle attacks infinitely easier to carry out, you have a major issue on your hands.

Just last month (February 2015), it came to light that major hardware vendor Lenovo had been shipping machines with the Superfish adware pre-installed. This piece of software included a very insecure certificate that allowed interception, or even redirection and modification, of HTTPS traffic without triggering any warnings in the browser. The impact could be critical, putting your company’s (and users’) sensitive data in jeopardy. You can be impacted in many ways, including:

- Your traffic could be intercepted, allowing attackers to harvest authentication information, intellectual property, or other sensitive data.
- Traffic could also be modified to route users and/or data to malicious sites.
- Attackers could impersonate a valid endpoint and trick a user into sending them sensitive data or log-in credentials, enabling identity theft and fraud.

The AlienVault Labs team has already released correlation rules to help spot activity related to the Superfish adware. In AlienVault Unified Security Manager (USM), these rules help you identify when Superfish is present on a system and when it is being used in a connection.
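As an added illustration (not AlienVault's correlation rules and not code from the original post), the following sketch shows one endpoint-side way to look for this kind of interception: inspect the issuer of the certificates a machine is actually shown. It assumes the interception certificate appears as the issuer of those certificates; the watchlist string, host names, issuer names and reference data are constructed for the example.

```python
import socket
import ssl

# Assumption: issuer-name fragments to alert on; "superfish" is taken from the
# adware's name, so confirm the exact issuer string on an affected machine.
WATCHLIST = ("superfish",)

def issuer_fields(cert):
    """Flatten the nested issuer tuples returned by SSLSocket.getpeercert()."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}

def classify(host, cert, reference=None):
    """Return 'watchlisted', 'mismatch' or 'ok' for one observed certificate.
    reference maps host -> issuer organizationName recorded from a machine
    known to be clean; a mismatch is a lead to review, not proof.
    """
    fields = issuer_fields(cert)
    if any(w in " ".join(fields.values()).lower() for w in WATCHLIST):
        return "watchlisted"
    expected = (reference or {}).get(host)
    if expected and fields.get("organizationName") != expected:
        return "mismatch"
    return "ok"

def sweep(observations, reference=None):
    """Return {host: verdict} for every observation that is not 'ok'."""
    verdicts = {h: classify(h, c, reference) for h, c in observations.items()}
    return {h: v for h, v in verdicts.items() if v != "ok"}

def fetch_cert(host, port=443, timeout=5):
    """Collect the certificate this machine is shown, using the system trust store."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _cert(org, cn):
    """Build a constructed certificate dict in getpeercert() layout."""
    return {"issuer": ((("organizationName", org),), (("commonName", cn),))}

# Constructed sample observations (not captured from a real host).
SAMPLE = {
    "bank.example": _cert("Superfish, Inc.", "Superfish, Inc."),
    "mail.example": _cert("Unexpected Proxy CA", "Unexpected Proxy CA"),
    "news.example": _cert("Example Trust Services", "Example Trust CA 1"),
}
REFERENCE = {"mail.example": "Example Trust Services", "news.example": "Example Trust Services"}
```

On a live machine, build the observations with `fetch_cert()` for a handful of sites and pass them to `sweep()`; a certificate verification error raised by `fetch_cert()` is itself worth investigating.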

About the Author: Garrett Gross

Garrett Gross has always had an insatiable appetite for technology and information security, as well as an underlying curiosity about how it all works. Garrett has over 15 years of professional experience in information technology, filling several roles: systems administration, network engineering, product marketing, technical support, and helpdesk. In his current role in field enablement, he uses his experience to help managed security service providers be successful in evangelizing and operationalizing AlienVault USM.
