Security experts from G Data SecurityLabs analyzed Superfish adware. In this process, analysts have encountered in program, a technology component, called SSL digestion. It uses a root certificate which is poorly secured and has extensive rights on the computer. SSL Digestor intercept safe HTTPS connections which can be decrypted. In this way, connections that are apparently secured could be intercepted and attacked. This means that cybercriminals could use an attack man-in-the-middle to spy or use data flow between two communication partners, for example a bank and its customer, using a fake banking site.
According t9 G DATA experts, this part of the program is contained in other software recognized as Gen:Variant.Adware.Superfish.1 (Engine A) and Win32.Riskware.Fishbone.A (Engine B) by G Data. Just the user can remove the dangerous certificate.
“Superfish is questionable adware. However, because of the poorly secured SSL Digestor, it is actually dangerous for users,” explains Ralf Benzmüller, Head of G DATA SecurityLabs. “Affected users should remove the certificate immediately.”
The Superfish program is supplied pre-installed on many Lenovo notebooks. The adware has been an unwelcome guest on the PCs of most users for a long time, but its not necessarily malicious. It contains a technology component called SSL Digestor which contains an element that triggers the actual security problem – a very powerful yet poorly secured root certificate.
SSL Digestor install a certificate that allows the program to analyze and manipulate the data stream HTTPS connections. This component is found in adware programs that users unwittingly install and Trojan programs to be classified by the providers of IT security. Even seemingly normal programs rely on this component.