Mixing mutex: The new malware medley?

Malware has evolved again — according to Threatpost, malicious actors have created a way to dynamically spoof “mutex” values using Windows product IDs as a way to hide the presence of multiple, malicious processes. Here’s what you need to know about this new mix-don’t-match technique.

Mutex?

It sounds like something found in a mad scientist’s lab — a seething substance just ready to infect (or empower) someone unlucky enough to get splashed or dunked. In fact, mutex values are a way for malware detectors to determine if multiple, identical processes are running at the same time. Not all malicious programs use mutex values, but those that do typically rely on static values, making it possible to discover their presence. As noted by The Register, the BackOff POS malware used a static mutex, allowing researchers to detect system infection. This is the simplest way for malware creators to code their programs; Lenny Zeltser of the SANS Institute says that “malware authors who wish to employ mutex objects need a predictable way of naming those objects, so that multiple instances of malicious code running on the infected host can refer to the same mutex.” Now, there’s a new mutex in the mix.

Evading Detection

Instead of going static, the TreasureHunter malware uses a kind of dynamic mutex value based on the infected system’s Windows product ID. This makes it much less likely that researchers and malware-detection programs will “see” malicious code before it takes action, since process mutexes don’t seem out of place and vary from system to system. The malware accomplishes this task by first using code to read registry locations such as HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId, and then running a deterministic algorithm to generate mutex values which are appropriate for the version of Windows and processes running. Simply put? This new mix makes it more difficult to find unique “flavors” of malware, instead allowing them to blend in with more familiar code ingredients.
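Why a fixed mutex name stops working as an indicator once the name is derived from a per-host value, and how a responder who has recovered the derivation can still check every host: the sketch below is an added example, not code from the original article or from the malware it describes. The SHA-256 derivation, host names, product IDs and mutex names are all constructed assumptions.

```python
import hashlib


def expected_mutex_name(product_id: bytes) -> str:
    # Stand-in derivation (assumption): NOT the algorithm of any real family.
    # In practice this is whatever the analyst recovered from the sample; the
    # only property that matters here is that it is deterministic per host.
    return hashlib.sha256(product_id).hexdigest()[:16]


def leaf(name: str) -> str:
    # Handle listings report names with a namespace prefix (Global\, Local\,
    # \Sessions\<n>\BaseNamedObjects\). Compare only the final component.
    # Windows treats mutex names as case sensitive, so no case folding.
    return name.rsplit("\\", 1)[-1]


def _host(product_id: bytes, infected: bool, namespace: str) -> dict:
    # Constructed inventory record: two benign-looking names, plus the derived
    # name when the host is marked infected.
    mutexes = [
        "Local\\ExampleUpdaterSingleInstance",
        "Global\\ExamplePrintHelper",
    ]
    if infected:
        mutexes.append(namespace + expected_mutex_name(product_id))
    return {"product_id": product_id, "mutexes": mutexes}


# Constructed sample data: host -> product ID and mutex names collected from it.
HOSTS = {
    "pos-01": _host(b"CONSTRUCTED-PRODUCT-ID-0001", True,
                    "\\Sessions\\1\\BaseNamedObjects\\"),
    "pos-02": _host(b"CONSTRUCTED-PRODUCT-ID-0002", True,
                    "\\BaseNamedObjects\\"),
    "pos-03": _host(b"CONSTRUCTED-PRODUCT-ID-0003", False, ""),
}

# A static indicator as it would appear in a report written from the pos-01
# sample alone: correct for that machine, useless for every other one.
STATIC_IOCS = {expected_mutex_name(b"CONSTRUCTED-PRODUCT-ID-0001")}


def static_match(hosts: dict, iocs: set) -> list:
    # Classic approach: flag a host if any mutex name is on the fixed list.
    return sorted(
        name for name, data in hosts.items()
        if any(leaf(m) in iocs for m in data["mutexes"])
    )


def derived_match(hosts: dict) -> list:
    # Per-host approach: recompute the name this host's product ID would
    # produce and look for exactly that name on the same host.
    flagged = []
    for name, data in hosts.items():
        wanted = expected_mutex_name(data["product_id"])
        if wanted in {leaf(m) for m in data["mutexes"]}:
            flagged.append(name)
    return sorted(flagged)


if __name__ == "__main__":
    print("static list flags :", static_match(HOSTS, STATIC_IOCS))
    print("per-host check    :", derived_match(HOSTS))
```

The static list only ever finds the machine the indicator was taken from; the per-host check depends on having the derivation, which is why mutex analysis cannot stand alone as a detection method.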

Particular Palettes

The task of detecting malware is big business — security companies across the globe are looking for ways to beat out the competition and find “the next big thing” before anyone else does. In some cases, however, the rush to be first on the street puts these organizations in the firing line: Consider the recent troubles of Panda Labs, which after a March 11th update discovered that the antivirus solution was marking its own files as infected and sending them to quarantine. Other security vendors have encountered similar issues in the past, but they all stem from the same place: The desire to find critical malware markers, such as bits of code or subtle actions, which set them apart from benign programs. That’s the allure of mutex and similar static indicators, and why it’s no surprise that malware creators are now finding ways around them. It’s worth noting that the mutex mixer isn’t exactly sophisticated, and that mutex analysis itself should never be the sole measure of malware’s existence.

Breaking Through

The new mutex developments align with current market perception — according to CIO Insight, 81 percent of respondents believe that “even with security tools, Web-borne malware can be completely undetectable,” while the same number said that insecure Web browsers are a primary attack vector. Finally, 74 percent think that traditional malware detection technologies — such as hunting for static mutex values — are becoming ineffective. The result? That 77 percent say their organizations have been infected by undetected malware. In other words, malicious code is breaking through corporate barriers, and the new mutex mutation scheme is just more pushback from the bad guys.

So what does all this mean for the companies, developers, and individuals trying to stay out in front of new malware attacks? The same as it did last week. This mutex evolution isn’t particularly brilliant, nor will it fundamentally change the way security companies detect new issues. Instead, it’s a reminder that malware developers are often on the forefront of code evolution since they’ve got the benefit of existing security measures to use as reference material. Staying safe hasn’t changed: Don’t download attachments you don’t trust, don’t surf without the protection of a secure VPN, and regularly check your system for infection. Dynamic mutex values using Windows product IDs might slow the process, but this new mix doesn’t ruin the recipe.

Featured image: Daevid / Dollar Photo Club

ExpressVNP

FBI’s plan to expand hacking power advances despite privacy fears

Last Monday the Judicial Conference Advisory Committee on Criminal Rules sanctioned a rule change that will expand the FBI’s authority to use hacking techniques to gain access to electronic data.

The committee ruled 11 to 1 in favour of a modification to an old federal rule – Rule 41 – thereby granting judges more leeway in approving search warrants for electronic data, the National Journal reports.

Before the change, judges could only approve a search warrant for material residing within their own judicial district. Now, however, courts will be able to grant search warrants for data located elsewhere.

The federal government says the change to Rule 41 is an essential upgrade to an antiquated rule that will bring it into the 21st century.

The Federal Bureau of Investigation will, it says, benefit from the increased authority which will allow easier access to networks which it can then monitor via tracking software. This, it says, will allow the agency to better monitor criminals who are adept at using technology to cover their tracks.

A number of organisations, including civil rights and civil liberties groups, have spoken out against the rule change, saying the amendment went way beyond a minor tweak and was in fact a major change that could represent a conflict with the Fourth Amendment and the protection it conveys to US citizens against unreasonable search and seizures.

Organisations, such as the American Civil Liberties Union (ACLU), also claimed the rule change could, in theory at least, afford the FBI the ability to target multiple computers simultaneously, possibly including millions belonging to users who are not implicated in any crime.

Search giant Google also added its might to the argument last month, saying it “raises a number of monumental and highly complex constitutional, legal and geopolitical concerns that should be left to Congress to decide”.

Google’s director of law enforcement and information security, Richard Salgado, said the wording of the amendment was too vague, potentially allowing the government to use “remote access” to search and seize or copy electronic data, adding that the specifics of how and what may be searched were missing from the text:

“The term “remote access” is not defined. Sample search warrants submitted by the DOJ to the Committee indicate that “remote access” may involve network investigative techniques, or NITs, which include, for example, the installation of software onto a target device to extract and make available to law enforcement certain information from the device, including IP address, MAC address, and other identifying information.”

Salgado also suggested that the term “remote access” seemed to imply that the government could in fact hack any facility, anywhere, and that the wording around botnets – which can infect millions of computers at a time – could mean that the amendment effectively opened up access to all of those machines to the FBI.

The Justice Department, as is to be expected, is all in favour of it though. In December 2014 deputy assistant attorney general of the Criminal Division in the DOJ, David Bitkower, noted in a memo that:

“The proposed amendment would ensure that a court has jurisdiction to issue a search warrant in two categories of investigations involving modern Internet crime: cases involving botnets and cases involving Internet anonymizing techniques”.

Bitkower used the memo to add further clarification, explaining how the proposal would merely simplify the search process without adding any additional authority not already permitted under existing legislation. Bitkower was also keen to stress how judicial oversight would remain, with judges ruling on warrant applications on a case by case basis.

Privacy groups will, however, continue to fight the rule change which is subject to review by the Standing Committee on Rules of Practice and Proceedings, most likely in June, and by the Judicial Conference in September.

An American Civil Liberties Union lawyer issued a statement in which he said:

“Although presented as a minor procedural update, the proposal threatens to expand the government’s ability to use malware and so-called ‘zero-day exploits’ without imposing necessary protections. The current proposal fails to strike the right balance between safeguarding privacy and Internet security and allowing the government to investigate crimes.”

Featured image: J. Jones / ExpressVNP

New MacBook: What you C is what you get, new USB cable runs privacy risk

It’s a running joke: USB cables never fit properly on the first try. You’re sure you looked at the cord and the port before you tried; they matched, you’re certain. But somehow they simply don’t line up. A few flips, a few curses and you finally get the cable installed. Now, new MacBooks and Chromebook Pixels will come with a built-in solution: USB-C. The smaller, sleeker cable and port doesn’t have a “right side up”, comes with improved data transfer speeds and can even be used in lieu of a standard power cable to charge up your computer. Oh, and it opens you up to malware attacks.

What’s the Difference?

CNet has a good write-up on the variations across USB types. Type A connections, for example, are typically used in host devices such as desktops and laptops and require a specific orientation for proper fit. At the other end many of these USB cables are Type B connections, which can vary in size and shape. They connect to printers, external hard drives and just about any other peripheral you own. The first USB version, 1.1, was made commercially available in 1998 and featured a top transfer speed of 12 Mbps and power output of 2.5 volts. By 2008, version 3.0 was available with a 5 Gbps transfer speed and 5 volt power output.

Set for wide release later this year, USB-C and version 3.1 are changing the game. First of all, both connections are identical and the data transfer rate is being boosted to 10 Gbps. What’s more, USB 3.1 yields a 20 volt output, analogous to 100 watts of power. Since most mobile devices and laptops only need 60 watts, this means you’ll be able to route both information and electricity through the same port. Nifty, right? The NSA certainly thinks so.

Unprotected Power

According to the Verge, these new USB-C cables run the risk of exposing users to malware threats, including the BadUSB vulnerability. BadUSB was written by researchers to demonstrate the inherent security risks in even “airgapped” technology thanks to the use of USB sticks and similarly “shared” technology. BadUSB lives in a device’s firmware and once connected, the malware payload installs and slowly takes over. Even more worrisome is that no solution has yet been found to this problem: because BadUSB is not software, it’s virtually undetectable and cannot be removed.

And this issue isn’t solved with USB-C. While the firmware needed to carry BadUSB or similar malware won’t come standard with these new cables, it’s not difficult to install. A malicious actor could load up their new cable, head to a coffee shop and then simply wait for someone to borrow the infected power cord — a commonplace act of technological “kindness,” and one that’s set to become much more prevalent once the new standard hits store shelves. The short-term solution is to trust no power but your own, and never leave your cord or device unattended. But even that may not be enough; with USB-C poised to be the “catch-all” port for mobile devices and laptops alike, spy agencies are eager to find a new avenue of access.

Already Trying

The NSA hasn’t been sitting idle while USB-C was in development. As noted by Ars Technica, in a document leaked last year called the ANT catalog, the spy agency detailed some of its most promising technology. One such device was a man-in-the-middle USB implant called “Cottonmouth-I”, which could turn a computer’s USB connections into wiretaps or allow it to be remotely controlled. Originally pegged at $20,000 to build, security researchers have now devised a way to build one for less than $20.

And according to Gizmodo, it’s not so far-fetched that the NSA would try to sneak in through backdoor cable faults or encryption vulnerabilities, since in 2014 it was discovered that the spy agency spent $10 million trying to convince security firm RSA to leave a backdoor unpatched for just this kind of covert effort. With USB-C poised to be a big seller across a host of devices, there’s a massive intelligence market up for grabs.

C-Change

The new USB-C cable offers marked benefits over its A and B predecessors, but doesn’t come without risk. Stay safe: Never accept power from strangers, no matter how innocent they may seem — in today’s security-obsessed world, it’s hard to tell hackers and the NSA apart.

Featured Image: Marina Shemesh / Public Domain Pictures.net

iSpy? Government agencies “petrified” over iPhone encryption

The spies are scared. That’s the word from Glenn Greenwald, the writer who helped Edward Snowden publish his tell-all documents about the NSA. In a recent CNBC article, Greenwald argues that better encryption from device makers like Apple and social sites like Facebook have “petrified” the NSA and other spy agencies. “They are now starting to put serious encryption technologies in their new iPhones in their new releases,” he says, “and this has really petrified governments around the world.” But why the big reaction? What’s so scary about consumers having control over their own data?

Not the First Time

As noted by Wired, governments have long been fighting for better access to consumer devices. In the 1990s, for example, the Clinton administration made the case for “trapdoor keys” in consumer encryption products with an eye to helping out law enforcement and spy agencies where necessary. Understandably, citizen outcry was substantial and the government backed down from including these kinds of backdoors — although the debate is now cropping up in other large-scale computer manufacturing countries, such as China.

And according to The Intercept, the CIA has been trying to hack Apple’s encryption for years, giving them a way to access user devices even if the manufacturing giant won’t comply with warrants — or if spy agencies are operating outside the bounds of established law. Simply put, law enforcement and government spooks want access to your device and always have, “just in case.” But thanks to Snowden and other privacy revelations, the tide is finally turning in favor of stronger encryption, and it has these organizations worried.

Not For Your Benefit

Greenwald is quick to note that by-default encryption on Apple devices isn’t some kind of noble effort on the part of the device manufacturer to “do the right thing.” Instead, they’re more worried about losing consumers, worried about what happens when international companies make the case to American buyers that they’re more secure because they don’t hand over your data to the NSA. And there’s certainly pressure; last year, Yahoo broke the news that it was threatened with a $250,000 per day fine if it didn’t hand over specific information to the spy agency.

Worrying Trend

So why are spies and law enforcement officials so worried about the protection of your data? Because strong encryption methods mean that manufacturers can’t access personal information, even if presented with a warrant. The only key holder is the owner of the device, who is under no obligation to provide their access code and cannot be circumvented by any “backdoor” trickery. Police departments warn that this could compromise the speed of investigations, while national security pundits claim it could open the nation to terrorist threats. It’s no wonder, then, that the CIA is holding hacking jamborees to crack the iPhone — and that Apple is trying its best to distance itself from the role of NSA “collaborator” as described in the Snowden documents.

Not All Good News

Another such “collaborator” is Google, which recently promised that all devices running the latest version of Lollipop would come with built-in disk encryption. The announcement drew ire from the FBI and according to Forbes, the search giant has now backed off the idea, instead “recommending” that its partners use full-disk encryption rather than making it a requirement. The terms of its Android Compatibility Definition document claim this will become a “must” in future versions of the OS, but there’s no timeline for this “future.”

Are You Protected?

So where does this leave you and your favorite mobile device? If you’re using a newer Apple product, you’ve got the benefit of better-than-average encryption that has spy agencies shaking in their boots. Even perpetually risk-prone Facebook is getting its act together and helping lock down user privacy. But Androids and other mobile devices are still left out of the security loop, meaning you’re not protected by default. Here’s the bottom line: The NSA has absolutely no interest in your data, until it suddenly wants a look at everything you own. This threat might never manifest, but why take the chance? If encryption has the NSA “petrified”, it’s a safe bet this is something you want to make a move on.

Featured image: Thom / Unsplash

Kaspersky sees opportunity in the Internet of Threats

Kaspersky Lab Chairman and CEO Eugene Kaspersky was in Boston last week to celebrate his company’s 10th anniversary in the US.

While there, he spoke to The Boston Globe about how he sees the land of the free as a huge opportunity for the business he co-founded with ex-wife Natalia Kasperskaya in 1997.

The former cryptography student sees business value in the rapid move to the Internet of Things as more and more devices add web connectivity to their feature sets.

While the proliferation of networked televisions, refrigerators, and smartphones offers new sales to manufacturers and arguably interesting new features to consumers, it also opens up a whole new world of potential cyber ruination and privacy invasion for anyone unfortunate enough to be caught out by a poorly protected product.

During the interview with The Globe, Kaspersky echoed thoughts we often see expressed around the IT security community – that there is a growing awareness of security issues but individuals, corporations and countries are running scared, unable to fathom how to address their concerns.

The key problems, he said, were that countries had not developed effective strategies for dealing with the threats they faced and, where intelligence was available, they were reticent about sharing it with their neighbours.

In the business world, Kaspersky pointed to legislation as an additional potential stumbling block. While there are very good reasons why industries such as healthcare have tight privacy legislation in place, the very same legislation, he said, presents a challenge when it comes to updating systems’ security.

The other concern in the corporate world, according to Kaspersky, is the lack of information security professionals being hired by the majority of companies.

Such an observation is hardly news of course. The industry has been highlighting the need for more expert security personnel for years but remedying the situation will not be easy. Even the largest of corporates are struggling to recruit, train and retain applicants of the required standard due to a global shortage of available talent – a situation that appears to be worsening rather than improving every year.

So what is the answer?

Conceding the fact that stopping cyber criminals was impossible, Kaspersky’s rather simplistic view, considering the recruitment challenges, is for firms to “make the hack more expensive than the possible damage”.

To achieve this, he said that security should be increased to make attacks harder to execute, more time-consuming and, ultimately, more expensive for the perpetrators to run.

While the largest firms can attract the best talent and medium sized businesses likely have the option of retaining the Russian Equation group-finding malware firm, the solution for smaller firms and individuals is harder to spot.

The days of being able to safely assume that malware, phishing attacks and targeted attacks were something that only the big boys had to worry about are long gone.

Even the smallest firms are breached and the costs can potentially be catastrophic, coming in the form of lost hours, clean-up costs, remediation and, in some jurisdictions, legislative penalties for data loss.

Kaspersky’s so-called Internet of Threats will not change things for the better. On the contrary, adding more internet-connected devices to the workplace will only increase the challenges and risks faced on a daily basis, especially in those organisations already struggling with their bring your own device (BYOD) policies and the further issues caused by employee adoption of ‘shadow IT’.

Home users won’t fare much better either – considering how we’ve already seen a refrigerated spam bot and all-seeing, all-hearing TVs – how long do you think it will be before your fitness tracker dictates your insurance policy costs and that shiny new watch shares less with you than with the company that designed it?

There certainly is opportunity in the Internet of Threats but the question is… who really stands to benefit?

Featured image: viperagp / Dollar Photo Club

Tor ban “technologically infeasible” and unwise, MPs told

Any thought British members of parliament may have had about banning online anonymity systems such as Tor would not only be unwise but also “technologically infeasible,” according to the Parliamentary Office of Science and Technology (POST).

The group’s report is a potential source of embarrassment for Prime Minister David Cameron who, just two months ago, said encryption should be outlawed in the UK unless the government was allowed back door access.

Following a pattern of tightening security after the fact, the PM made his comments in the wake of the Charlie Hebdo attack in Paris in January, asking whether we should “allow a means of communications which it simply isn’t possible to read?” His argument was that strong encryption posed problems for the security and intelligence communities, making it harder for them to track and foil terrorists.

The IT security community was quick to react, suggesting that Cameron had little comprehension of encryption, how it worked or why it was necessary. Much ire was directed his way and more than one company suggested that doing business in Britain under a regime where encryption was banned would be too troublesome.

Fortunately, the POST also sees things a little differently to the leader of Her Majesty’s government.

The Parliamentary Office advised MPs that there was “widespread agreement that banning online anonymity systems altogether is not seen as an acceptable policy option in the UK”.

In respect of the darknet – described by the prime minister as a “digital hiding place for child abusers” – the report said that the Child Exploitation and Online Protection Command (CEOP) of the UK National Crime Agency referenced Tor as playing “only a minor role in the online viewing and distribution of indecent images of children”.

In fact CEOP went further, saying that Tor is actually less popular among paedophiles because of the way in which it slows the downloading of images.

As for Tor itself, the report cited “technical challenges” as it referenced similar moves made by the Chinese government when it attempted to block users from using The Onion Router to access unauthorised websites.

That, the report said, had proven to be difficult as the network continually added “bridges” that were “very difficult to block,” allowing people to continue accessing Tor.

Beyond a brief mention of terrorism, the report highlighted how Tor Hidden Services could be used to create underground markets such as the infamous Silk Road, as well as more benign uses including protecting journalistic sources, whistleblowing and – our favourite – protecting a user’s privacy.

The Parliamentary Office of Science and Technology did admit that Tor Hidden Services could be used to create online criminal communities but added that “identifying criminals using Tor is time-consuming and it requires a high degree of skill”.

Based on such findings, and an impending General Election, it seems likely that David Cameron may be persuaded to back down on his threat to ban encrypted services that don’t feature a backdoor.

For now…

Featured image: Tor Project

Wikimedia Foundation & rights groups sue NSA over mass surveillance

Jimmy Wales’ Wikimedia Foundation, the non-profit organization behind Wikipedia, has announced its intention to file a lawsuit against the National Security Agency (NSA) and the Department of Justice (DOJ).

The suit is set to challenge programs of mass surveillance such as PRISM.

In a recent blog post the foundation said:

“Our aim in filing this suit is to end this mass surveillance program in order to protect the rights of our users around the world”.

The non-profit is joined by eight other organizations “from across the ideological spectrum,” including:

  • Amnesty International USA
  • Global Fund for Women
  • Human Rights Watch
  • Pen American Center
  • The Nation Magazine
  • The National Association of Criminal Defense Lawyers
  • The Rutherford Institute
  • The Washington Office on Latin America

The full complaint explains how Wikimedia will focus on so-called “upstream” surveillance – the collection of vast amounts of data through tapping internet structure.

The lawsuit claims that such widespread surveillance impinges both the First Amendment and the Fourth by eroding the freedoms of expression and association and the right to privacy respectively.

The suit also says the NSA’s practices, first brought to the public’s attention by whistleblower Edward Snowden, violate Article III of the Constitution, which establishes the authority of US courts.

In addition, it says that the spy agency exceeded its remit, as defined by the Foreign Intelligence Surveillance Act (FAA) and amended by Congress in 2008.

The FAA gives the security services the authority to monitor only non-US citizens but the methods employed actually hoovered up huge amounts of data from US residents and entirely innocent non-residents alike.

Unfortunately, the problem for Wikimedia is the difficulty in proving that superfluous data has been collected. Such a stumbling block may actually make it impossible for the foundation to win its case.

Wikimedia has pointed toward a classified NSA PowerPoint presentation that was released in 2013 that included one particular slide that explained how its monitoring systems could allow its analysts to learn “nearly everything a typical user does on the internet”.

The foundation also presented a second slide in its suit that includes an explicit reference to Wikipedia and even uses its trademark, as well as others from organizations including Google, Facebook, Twitter and Yahoo. This, it says, provides the grounds for its suit.

The actual legal situation isn’t so clear cut though – to prove its case, Wikimedia will need to conclusively prove that it was itself affected by the actions of the NSA. The agency will likely, as it has in the past, argue that the foundation cannot know whether or not its communications were ever intercepted in the first place. While such an argument may sound a bit wishy washy, it has proven to be quite effective in the past due to the fact that secret surveillance programs are, of course, secretive in their scope and execution.

Wales and Wikimedia Foundation executive director Lila Tretikov say the case is essential as the current standing could leave contributors unwilling to create new articles or edit existing ones for fear of reprisals should the NSA read their input.

The pair said the suit had been filed to protect Wikipedia’s 500 million monthly visitors and their democratic right to freely exchange ideas and knowledge, adding that:

“Privacy is an essential right. It makes freedom of expression possible, and sustains freedom of inquiry and association. It empowers us to read, write, and communicate in confidence, without fear of persecution. Knowledge flourishes where privacy is protected”.

According to Reuters the Obama administration is dismissive of the case, saying:

“We’ve been very clear about what constitutes a valid target of electronic surveillance. The act of innocuously updating or reading an online article does not fall into that category”.

We’ll be following the case, which Wikimedia filed with the help of the American Civil Liberties Union, with great interest.

Featured image: Jerry Sliwowski / Dollar Photo Club

Lenovo’s Superfish adware bites!

One of the most valuable assets any business owns is its reputation. So it may come as something of a surprise to learn that Lenovo, a personal computer company that allowed Superfish to put its software on new machines, did so in return for a paltry $250,000.

According to Forbes, that was the sum that exchanged hands when the PC maker took the unfathomable decision to allow what is commonly referred to as “adware” (and that’s the polite way of describing it) onto its hardware.

Given the fallout that has followed the news that Superfish was logging users’ every step on the internet, including private sessions with their banks and email providers, it seems likely that a quarter of a million dollars will look like small change in comparison to the financial and reputational cost to Lenovo.

Now, the company is busy backpedalling via its PR department as it seeks to placate angry customers, privacy activists and the security community.

In a press release issued on 27 February, the company said that its customers’ experience was paramount, as were the principles of security and privacy.

Lenovo said it will reduce the number of pre-loaded applications on its PCs and revealed that it had worked with security companies to enable the previously hard to remove Superfish to be zapped by antivirus programs.

Lenovo has also made an automatic removal tool available on its homepage and is offering a free 6-month subscription to McAfee LiveSafe for all of its affected customers.

In the future, the company says, it will only ship PCs with the software required to make them work to their potential, along with security software and specific Lenovo-owned software. The company will also endeavor to list every preloaded application along with an explanation of what each does.

This, it says, should go some way to removing what the industry often refers to as “adware” or “bloatware”.

Where all this leaves Superfish is anyone’s guess right now though.

The California-based start-up began in 2006 when video surveillance experts Adi Pinhas and Michael Chertok looked into the possibility of scanning video footage following another venture in the casino industry.

The pair aimed to create a “visual search engine” – the software scans the web and uses mathematical models to catalogue, analyze and match images to products offered by its customers.

By 2011 the company had formed tens of thousands of partnerships, earning affiliate commissions on sales generated by users who arrived on product pages via Superfish.

The next move from the company was to launch a number of apps on Google Play and the App Store called “LikeThat” which allow fans of different industries to take and upload appropriate pictures. The app then matches those images to affiliated product pages with its partners and earns the company a commission on each related sale thus generated.

In early 2014 Superfish then approached Lenovo and discussed adding its VisualDiscovery software onto new PCs before they were shipped.

It was soon after that the problems began – buyers of Lenovo PCs started grumbling about poor performance when browsing the web, saying that internet surfing was a buggy experience.

When security experts began looking into the problem it was discovered that Superfish was the cause. Worse yet, many antivirus programs were unable to remove it and there were even reports suggesting that the pesky software was able to withstand a reformatting of a hard drive.

Angry customers threw up their arms and a lawsuit alleging that Lenovo and Superfish trespassed on personal property and violated wiretapping laws has already been lodged.

Even hackers have displayed their displeasure over the saga with the notorious Lizard Squad getting in on the act and defacing Lenovo’s website.

All things considered, it looks like Lenovo and Superfish still have much to do to convince their respective customers that their brands are trustworthy.

Featured image: Weyenbergh Jacky / Public Domain Pictures.net
