It’s a given that nobody likes adware loaded onto a new system by the manufacturer, but usually it is no more than a nuisance and can be removed easily. When that software also carries a serious security flaw, one that makes man-in-the-middle attacks far easier to carry out, you have a major issue on your hands.
Just last month (February 2015), it came to light that major hardware vendor Lenovo had been shipping machines with the Superfish adware pre-installed. This software installed its own root certificate into the system’s trust store, a very insecure certificate that allowed interception, and even redirection and modification, of HTTPS traffic without triggering any warnings in the browser. The impact to you could be critical, putting your company’s (and users’) sensitive data in jeopardy. You can be impacted in many ways, including:

- Your traffic could be intercepted, allowing attackers to harvest authentication information, intellectual property, or other sensitive data.
- Traffic could also be modified to route users and/or data to malicious sites.
- Attackers could impersonate a valid endpoint and trick a user into sending them sensitive data or log-in credentials, enabling identity theft and fraud.
The AlienVault Labs team has already released correlation rules to help spot activity related to the Superfish adware. Used with AlienVault Unified Security Manager (USM), they identify both when Superfish is present on a system and when Superfish is being used in a connection.
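As an added example (my own code, not AlienVault’s rule logic or anything from the original post), here is the host-side half of that detection: a minimal DER walker that reads a certificate’s issuer common name and flags anything issued by the Superfish root, which catches the root itself (it is self-issued) as well as any leaf certificate minted under it, such as one seen in a connection. It assumes only that the rogue root’s issuer CN contains "Superfish"; the sample certificate built at the bottom is constructed, unsigned and structurally minimal, purely to exercise the checker offline.

```python
CN_OID = b"\x55\x04\x03"  # ASN.1 OID 2.5.4.3 (commonName), DER-encoded

def _tlv(buf, pos):
    """Decode one DER tag-length-value at pos -> (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length, as used by real certificates
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _children(buf, start, end):  # yield the TLVs directly inside a constructed element
    pos = start
    while pos < end:
        tag, vs, ve = _tlv(buf, pos)
        yield tag, vs, ve
        pos = ve

def _common_name(buf, start, end):
    """Return the CN from an X.501 Name (SEQUENCE OF SET OF SEQUENCE{OID, value})."""
    for _, rs, re_ in _children(buf, start, end):        # each RelativeDistinguishedName
        for _, as_, ae in _children(buf, rs, re_):        # each AttributeTypeAndValue
            (_, os_, oe), (_, vs, ve) = list(_children(buf, as_, ae))[:2]
            if buf[os_:oe] == CN_OID:
                return buf[vs:ve].decode("utf-8", "replace")
    return None

def issuer_cn(der):
    """Issuer CN of a DER certificate (tbsCertificate = [0]version? serial sigAlg issuer ...)."""
    _, cs, _ = _tlv(der, 0)                                 # outer Certificate SEQUENCE
    _, ts, te = _tlv(der, cs)                               # tbsCertificate SEQUENCE
    fields = [f for f in _children(der, ts, te) if f[0] != 0xA0]  # drop optional [0] version
    return _common_name(der, fields[2][1], fields[2][2])

def is_superfish(der):
    """True for the rogue root itself (self-issued) and for any certificate it signed."""
    return "superfish" in (issuer_cn(der) or "").lower()

# --- constructed sample input (not a real certificate: unsigned, minimal structure) ---
def _der(tag, body):  # short-form DER encoder, enough for the small sample below
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def _name(cn):  # Name -> SET -> SEQUENCE{OID commonName, UTF8String}
    return _der(0x30, _der(0x31, _der(0x30, _der(0x06, CN_OID) + _der(0x0C, cn.encode()))))

def sample_cert(issuer, subject):
    tbs = (_der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + _der(0x30, b"")
           + _name(issuer) + _der(0x30, b"") + _name(subject))
    return _der(0x30, _der(0x30, tbs))
```

On Windows, the standard library’s `ssl.enum_certificates("ROOT")` yields (der_bytes, encoding, trust) tuples for the machine’s trusted roots, and each DER blob can be passed straight to `is_superfish` to check whether the rogue root is present on the system.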