Superfish 2.0 – Dell Laptops Preinstalled with Similar Malware and Security Flaw

Earlier this year, several cases came to light in which brand-new Lenovo laptops came preinstalled with a strain of adware that was being used by hackers to steal sensitive data. This adware was known as ‘Superfish’ and it affected thousands of PC users around the world. Superfish exposed these new Lenovo laptops to man-in-the-middle (MITM) attacks and seriously weakened their users’ online security and privacy.

Over the last few days, it has emerged that Lenovo is not the only PC manufacturer that has to deal with such issues. Dell, the world’s 3rd largest PC manufacturer behind Lenovo, is now facing flak because similar malware has been discovered on some new Dell machines as well. The security flaw has been termed eDellRoot.

What is eDellRoot and what does it do?

The issue garnered attention because eDellRoot is a rogue SSL certificate that came preinstalled on several brand-new Dell desktops and laptops. This rogue certificate allows attackers to stage highly efficient and foolproof MITM attacks. So when a user is browsing the web or carrying out online banking transactions, eDellRoot enables an attacker to impersonate a seemingly secure HTTPS page at any stage. This can lead to dangerous phishing attacks and the loss of highly confidential information.

Another notable property of eDellRoot is that it can reinstall itself even after it is spotted and deleted from a machine. While eDellRoot is not malicious in itself, it can easily be extracted and used by an attacker for nefarious purposes. Ultimately, this can lead to the loss of login IDs, passwords, browsing information, cookies and other crucial information.

How to check if your Dell machine has eDellRoot

If you have recently purchased a Dell machine, then you need to carry out the following steps to see if eDellRoot is present:

  • Open the Start menu and type certmgr.msc into the search box
  • Click on Trusted Root Certification Authorities in the left panel
  • Click on Certificates in the right panel and see if you can find eDellRoot
  • If you see eDellRoot there, right-click on it and delete it

However, it has been reported that even after doing this, the eDellRoot certificate reappears when the machine is rebooted. It has also been reported that Mozilla Firefox informs users about the untrustworthy nature of this certificate. So users of new Dells are advised to use Mozilla Firefox as their web browser.

Several sources have claimed that in order to delete the eDellRoot certificate completely from a system, it is necessary to remove the Dell.Foundation.Agent.Plugins.eDell.dll module from the system. We are gathering more information about these steps and whether they work, and will share an update on them soon. So stay tuned for more instructions on how to remove eDellRoot from your Dell system. You can also read more about this security vulnerability here.
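
The manual check above can also be scripted. The following PowerShell is an added example, not part of the original article or any Dell tooling; it only reports and deletes nothing. It assumes the certificate's subject carries the name eDellRoot, and because the article gives no install path for the module, the directories it searches are an assumption.

```powershell
# Added example: audit-only check. Nothing is deleted or changed.
$certName   = 'eDellRoot'                                 # certificate name from the article
$moduleName = 'Dell.Foundation.Agent.Plugins.eDell.dll'   # module name from the article

# The per-user and machine-wide Trusted Root stores that certmgr.msc displays.
$stores = 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root'

$certs = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -match "CN=$certName" } |   # assumption: name is the subject CN
        ForEach-Object {
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                # True when the matching private key is stored on this machine too.
                HasPrivateKey = $_.HasPrivateKey
            }
        }
}

# Assumption: no install path is given, so search the usual program directories.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$modules = Get-ChildItem -Path $roots -Filter $moduleName -Recurse -File `
                         -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime

if ($certs) {
    Write-Warning "$certName is trusted as a root certificate on this machine:"
    $certs | Format-List
} else {
    Write-Output "No $certName certificate found in the Trusted Root stores."
}

if ($modules) {
    Write-Warning "$moduleName is present; a deleted certificate may come back after a reboot:"
    $modules | Format-List
} else {
    Write-Output "$moduleName not found under the searched directories."
}
```

Run it once after deleting the certificate and again after a reboot; a hit on the second run confirms the reappearance described above.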

The trend of preinstalling new laptops with unsafe security certificates seems certain to continue and highlights growing negligence by OEMs in ensuring that their machines are completely secure. Whether OEMs actually take these incidents in their stride and consciously alter their certificate strategies in the future remains to be seen.

Source:
The Hacker News

Rahul Thadani

22 Comments

  1. Thanks for such an enlightening article.

  2. varun valand, December 1, 2015 at 11:16 AM

    Dear, thank you so much. This information helps customers buying new laptops.

  3. Satendar Kumar, December 3, 2015 at 2:06 PM

    What about HP Laptops?

    • Rahul Thadani, December 3, 2015 at 3:54 PM

      Hi Satendar,

      As of now, HP laptops have not been found to contain this malware or other similar variants.

      Regards.

  4. s.k.upadyaya, December 3, 2015 at 3:14 PM

    Quick Heal is a good antivirus. I install Quick Heal on all computers in the department.

  5. Thank you for this post. I recently bought Dell Inspiron 15 5558 Core i5 5th generation. Thankfully it doesn’t have the superfish 2.0 malware as mentioned in this article.

  6. RASID MALIK, December 3, 2015 at 3:41 PM

    Thank you very much.

  7. hashmi latif, December 3, 2015 at 4:54 PM

    Quick Heal is a good antivirus. I install Quick Heal on all computers in the department. lokseva

  8. Zameer Fouzan, December 3, 2015 at 7:14 PM

    Good article explaining the flaw. Had bought a new Dell 5548 a few months back, upgraded it to Win10; just to make sure, I checked for eDellRoot, found it and deleted it. Thanks a lot.

  9. Thanks a lot for very useful info

  10. Mahesh Jadhav, December 3, 2015 at 10:31 PM

    What about Acer laptops? I have an Acer laptop (Aspire 5750G).

    • Rahul Thadani, December 7, 2015 at 11:53 AM

      Hi Mahesh,

      As of now, no traces of this malware have been found to be preinstalled on Acer laptops. We will post notifications in case such malware is detected on Acer laptops in the future.

      Regards.

  11. I remember getting a notification about Superfish on my Lenovo laptop by the Quick Heal Total Security system. I was gone for some days & it was back for some time. Now I don’t get that notification. Does it mean that Superfish has been deleted? Does Superfish possess the same property as eDellRoot?

  12. thanks…

  13. kunal singh bamil, December 4, 2015 at 9:51 AM

    Not about Acer laptops. Why?

    • Rahul Thadani, December 7, 2015 at 11:51 AM

      Hi Kunal,

      As of now, no traces of this malware have been found to be preinstalled on Acer laptops. We will post notifications in case such malware is detected on Acer laptops in the future.

      Regards.

  14. Thanks to Quick Heal Antivirus

  15. BEST QUALITY ANTIVIRUS Q

  16. Er: Jaya Chandra Rautaray, December 10, 2015 at 11:40 AM

    Quick Heal upgradation takes a very long time; it should be fast and quick.

  17. My new Lenovo laptop is infected with Superfish. I would be grateful if you could suggest how to remove the malware.
