Brand-New Lenovo Computers Infected With Malware

When you purchase a brand-new computer, do you expect it to contain a security threat right out of the box? Like many computer vendors, Lenovo bundles software with its new machines. Often referred to as “bloatware,” this software is installed on the PC by the manufacturer for additional revenue. “Bloatware” is usually a means for the vendor to “add” something to the user’s experience, but what would happen if the software actually created a major security hole in your system? This is exactly what is happening right now with Lenovo.

A new security threat has been identified that isn’t infecting machines through conventional methods; it is coming pre-installed by PC manufacturer Lenovo. The software is called Superfish, and it was designed to alter search results, including those from Google, so that when a user hovers over a product or listing, it shows additional information such as similar products at lower prices. This software, by design, cripples a web browser’s ability to communicate securely. Consequently, hackers have identified methods to exploit this vulnerability to intercept data entered through the web browser. This includes personal information such as banking transactions, passwords, and other private communications. The exploit can cause the user to unknowingly share this personal data, which is then compiled and used or distributed through the hacking community.

The Superfish software was included on new consumer-grade machines sold from September 2014 to January 2015, including Lenovo’s popular Yoga and Flex models. This software was NOT included in any of Lenovo’s ThinkPad series laptops. Lenovo has since identified Superfish as a major security threat and released a software tool for safe removal.

Previously we identified the Superfish software as coming pre-installed on brand-new machines along with other unnecessary or extraneous software known as “bloatware.” “Bloatware” has many variants and can affect or alter the computer environment in a variety of ways. In general, consumer-grade desktops and laptops tend to contain drastically more “bloatware” than similar business-level machines. Oftentimes this software consumes the computer’s system resources such as RAM, processing power, and of course storage space. It also has the nasty habit of cluttering up the system by occupying space in the system tray, start menu, and desktop. When you purchase a new machine, consider purchasing the hardware from us here at PICS-ITech. We only provide business-grade equipment with a proven track record. In addition, when new hardware is installed by PICS-ITech, the first step in our setup process is to remove the pre-installed “bloatware” from the machine in its entirety. This way, when you receive your new machine, it is ready to go with the most current system updates, no bloatware, and of course is protected by our cutting-edge antivirus solution, Webroot SecureAnywhere.


Next steps:

Now that we have classified the Superfish software as a threat, what can you do to protect yourself? If you believe you have a machine that may be infected, you may visit the Superfish Vulnerability Test. This webpage will alert you if you are indeed affected by Superfish or a similar security threat. Removal instructions can be found here, provided by Lenovo: Superfish Removal Instructions.
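A local check can complement the test webpage. The PowerShell script below is an added example, not part of the original article and not Lenovo's removal tool; it looks for the name "Superfish" in the installed-software list and in the Windows trusted root certificate stores. It relies on the publicly documented fact, not stated in this article, that Superfish intercepted secure traffic by adding its own root certificate to the Windows trust store, and it assumes that matching on the name alone is sufficient.

```powershell
# Added example: look for signs of Superfish on a Windows machine.
# Assumption: the product and its certificate can be recognised by the name "Superfish".
$pattern = 'Superfish'

# 1. Installed-software inventory, read from the uninstall registry keys
#    (64-bit, 32-bit and per-user views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $pattern -or $_.Publisher -match $pattern } |
    Select-Object DisplayName, Publisher, DisplayVersion, InstallDate

# 2. Trusted root certificates for the machine and the current user.
#    The program and the certificate are separate artifacts, so both are checked.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
$certs = Get-ChildItem -Path $stores -ErrorAction SilentlyContinue |
    Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
    Select-Object PSParentPath, Subject, Thumbprint, NotAfter

# 3. Report the findings.
if ($programs -or $certs) {
    Write-Warning 'Possible Superfish artifacts found on this machine:'
    if ($programs) { $programs | Format-List }
    if ($certs)    { $certs    | Format-List }
} else {
    Write-Output 'No installed program or trusted root certificate matching "Superfish" was found.'
}
```

Browsers that keep their own certificate store are not covered by this check, so a clean result here does not replace the vulnerability test or the removal instructions.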

If you are affected and would like assistance, please contact our helpdesk right away by calling us at (609) 702-3920. We will work with you to remove the threat and ensure that your data is safe from interception.

At PICS-ITech we strive to proactively mitigate these types of issues. Our remote management software is constantly polling data from your machines, providing us with a constant listing of all software in use on your machine. If the Superfish software is detected, the removal tool is automatically downloaded and run on your machine. In addition, our antivirus software has deemed Superfish a threat and will quarantine any remnant of the threat that remains on the system. These are specific examples of the service that we provide and the methods we utilize to keep you safe from the most current threats affecting PCs in businesses today. If you have any specific questions, please don’t hesitate to contact your dedicated VCIO, Andrew Kimmelman, by calling (609) 534-4812.


