Lenovo hit with lawsuit over Superfish snafu

23.02.2015
Lenovo admitted to pre-loading the Superfish adware on some consumer PCs, and unhappy customers are now dragging the company to court on the matter.

A proposed class-action suit was filed late last week against Lenovo and Superfish, which charges both companies with "fraudulent" business practices and of making Lenovo PCs vulnerable to malware and malicious attacks by pre-loading the adware.

Plaintiff Jessica Bennett said her laptop was damaged as a result of Superfish, which was called "spyware" in court documents. She also accused Lenovo and Superfish of invading her privacy and making money by studying her Internet browsing habits.

The lawsuit was filed after Lenovo admitted to pre-loading Superfish on some consumer PCs. The laptops affected by Superfish include non-ThinkPad models such as G Series, U Series, Y Series, Z Series, S Series, Flex, Miix, Yoga and E Series.

Lenovo has since issued fixes to remove Superfish applications and certificates from PCs. Microsoft's Windows Defender and McAfee's security applications also remove Superfish since Friday.

Lenovo earlier admitted it "messed up" by preloading Superfish on computers. The software plugs product recommendations into search results, but can hijack connections and open major security holes, thus leaving computers vulnerable to malicious attacks.

The first complaints of Superfish on Lenovo's laptops emerged in September last year, but it became a real security issue when a hacker Marc Rogers pointed it out in a blog post.

Bennett, a blogger, purchased a Yoga 2 laptop to conduct business and communicate with clients. She noticed "spam advertisements involving scantily clad women" appearing on her client's website when writing a blog post for the customer. After seeing pop-ups on other websites, she assumed her computer had spyware or had been hacked, but then scoured the forums to notice similar behavior on other Lenovo laptops. She then rooted out the problem to be Superfish, which could intercept secure communication and leave computers vulnerable.

Superfish also used memory resources and took up Internet bandwidth, according to the court document.

Damages from Lenovo and Superfish are being sought as part of the lawsuit filed in the U.S. District Court for the Southern District of California.

A Lenovo spokesman declined comment on the lawsuit.

Agam Shah covers PCs, tablets, servers, chips and semiconductors for IDG News Service. Follow Agam on Twitter at @agamsh. Agam's e-mail address is agam_shah@idg.com

Agam Shah