Earlier this year, several cases came to light where brand new Lenovo laptops came preinstalled with a strain of adware that was being used by hackers to steal sensitive data. This adware was known as ‘Superfish’ and it affected thousands of PC users around the world. The Superfish adware effectively exposed these new Lenovo laptops to man-in-the-middle (MITM) attacks and led to a drastic vulnerability in online security and privacy.
Over the last few days, it has been discovered that Lenovo is not the only PC manufacturer that has to deal with such issues. Dell, the world’s 3rd largest PC manufacturer behind Lenovo, is now facing flak because a similar malware has been discovered on some new Dell machines as well. This security flaw was discovered a few days back and it has been termed eDellRoot.
What is eDellRoot and what does it do?
The issue garnered attention because eDellRoot is a rogue SSL certificate that came preinstalled in several brand new Dell desktops and laptops. What this rogue certificate allows attackers to do is stage highly efficient and foolproof MITM attacks. So when a user is browsing the web or carrying out some online banking transactions, eDellRoot enables an attacker to impersonate the seemingly secure HTTPS page at any stage. This can lead to dangerous phishing attacks and the loss of highly confidential information.
Another highlight of eDellRoot is that it can reinstall itself even when it is spotted and deleted from a machine. While eDellRoot is not malicious in nature itself, it can easily be extracted and used by an attacker for nefarious purposes. Ultimately, this can lead to a loss of login IDs, passwords, browsing information, cookies and other crucial information.
How to check if your Dell machine has eDellRoot
If you have recently purchased a Dell machine, then you need to carry out the following steps to see if eDellRoot is present:
However, it has been reported that even after doing this, the eDellRoot certificate reappears when the machine is rebooted. It has also been reported that Mozilla Firefox informs users about the untrustworthy nature of this certificate. So users of new Dells are advised to use Mozilla Firefox as their web browser.
Several sources have claimed that in order to successfully delete the eDellRoot certificate completely from a system, it is necessary to remove the Dell.Foundation.Agent.Plugins.eDell.dll module from the system. We are working on gathering more information about these steps and whether it works and will be sharing an update on them soon. So stay tuned for more instructions on how to remove eDellRoot from your Dell system. You can also read more about this security vulnerability here.
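As an added example (not part of the original post or of Quick Heal's own tooling), the PowerShell check below looks for the eDellRoot certificate in the Windows root stores, reports whether its private key is present on the machine, and looks for the plugin DLL named above. The page does not give the DLL's location, so searching Program Files is an assumption.

```powershell
# Added example: audit the Windows root stores for an eDellRoot entry.
# A root CA certificate is only usable for HTTPS interception if its private
# key is present, so that flag is what matters most. Run from an elevated
# PowerShell prompt.
$stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

$findings = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -like '*eDellRoot*' -or $_.Issuer -like '*eDellRoot*' } |
        ForEach-Object {
            $cert = $_
            # Basic Constraints extension tells us whether this is a CA certificate.
            $bc = $cert.Extensions |
                Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
            [pscustomobject]@{
                Store         = $store
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                NotAfter      = $cert.NotAfter
                IsCA          = [bool]($bc -and $bc.CertificateAuthority)
                HasPrivateKey = $cert.HasPrivateKey   # key on disk = anyone on the box can sign for any site
            }
        }
}

if (-not $findings) {
    Write-Output 'No eDellRoot certificate found in the root stores.'
} else {
    $findings | Format-List
    if ($findings | Where-Object { $_.HasPrivateKey }) {
        Write-Warning 'eDellRoot is installed WITH its private key: treat HTTPS on this machine as interceptable until it is removed.'
    }
}

# The plugin DLL named in the post re-installs the certificate on reboot, so
# report it too; otherwise deleting the certificate alone is undone.
# Assumption: the DLL lives somewhere under Program Files (the post does not say where).
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$dll = Get-ChildItem -Path $roots -Recurse -Filter 'Dell.Foundation.Agent.Plugins.eDell.dll' -ErrorAction SilentlyContinue
if ($dll) {
    Write-Warning "Found $($dll.FullName -join ', '): the certificate is likely to be restored on reboot while this module remains installed."
}
```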
The trend of preinstalling new laptops with unsafe security certificates seems certain to continue and highlights growing negligence by OEMs in ensuring that their machines are completely secure. Whether OEMs actually take these incidents seriously and consciously alter their certificate strategies in the future remains to be seen.
Source:
The Hacker News
Thanks for such an enlightening article.
Dear, thank you so much. This information helps customers who are buying new laptops.
What about HP Laptops?
Hi Satendar,
As of now, HP laptops have not been found to contain this malware or other similar variants.
Regards.
Quick Heal is a good antivirus. I install Quick Heal on all computers in the department.
Thank you for this post. I recently bought Dell Inspiron 15 5558 Core i5 5th generation. Thankfully it doesn’t have the superfish 2.0 malware as mentioned in this article.
thank you very much
Quick Heal is a good antivirus. I install Quick Heal on all computers in the department. lokseva
Good article explaining the flaw. I had bought a new Dell 5548 a few months back and upgraded it to Win10; just to make sure, I checked for eDellRoot, found it and deleted it. Thanks a lot.
Thanks a lot for very useful info
What about Acer laptops? I have an Acer laptop (Aspire 5750G).
Hi Mahesh,
As of now, no traces of this malware have been found to be preinstalled on Acer laptops. We will post notifications in case such malware is detected on Acer laptops in the future.
Regards.
I remember getting a notification about Superfish on my Lenovo laptop from Quick Heal Total Security. I was gone for some days & it was back for some time. Now I don't get that notification. Does it mean that Superfish has been deleted? Does Superfish possess the same property as eDellRoot?
Hi Uday,
If the notification has not appeared again, then it is probably removed from your system. If you want to check, you can follow the steps mentioned here – https://blogs.quickheal.com/lenovo-users-can-remove-superfish-adware/.
Regards.
thanks…
Not about Acer laptops. Why?
Hi Kunal,
As of now, no traces of this malware have been found to be preinstalled on Acer laptops. We will post notifications in case such malware is detected on Acer laptops in the future.
Regards.
Thanks to Quick Heal Antivirus.
BEST QUALITY ANTIVIRUS
Quick Heal upgrades take a very long time; they should be fast and quick.
My new Lenovo laptop is infected with Superfish. I would be grateful if you could suggest how to remove the malware.
Hi Sanjiv,
Kindly click on the link below. This will take you to the official page of Lenovo where they have listed out the instructions on how to remove the Superfish Adware.
https://support.lenovo.com/in/hi/product_security/superfish_uninstall
Regards,