AOL advertising network used to distribute malware
AOL advertising network used to distribute malware

In a Monday interview with SCMagazine.com, Joe Siegrist, CEO of LastPass, a security company that created a security tool for users to check whether they have Superfish on their machine, said that after investigating the adware issue, LastPass found that a major browser maker outside of the U.S. appeared to be accepting invalid certificates generated by Superfish.

“In this particular case, the browser itself wasn't checking certificates at all,” Siegrist said, adding that the firm has not disclosed the company's name in order to give it time to resolve the security issue.

Ian Amit, Vice President of ZeroFOX, a social risk management and social media security firm, explained a practical way in which attackers could try to leverage MitM attacks against users running Superfish.

In a Monday interview, he said that simply uploading photos to social media networks, such as Facebook, Twitter or Flickr, where geolocation data is embedded in images, could prove useful to saboteurs.

“Once you know those users' locations, it's trivial to show up and abuse that [information] by claiming to be a Wi-Fi network [near them],” Amit explained. “It's very easy, even in a car next to their Starbucks or home, to pretend to be those wireless networks,” using Wi-Fi sniffing tools, he said. Amit added that attackers could, easily enough, pinpoint areas where Lenovo models running Superfish are likely to be – whether on university campuses or other locations where “finding those pockets of people on social media” is only a Google search away.

Soon after Lenovo apologized for its practice of pre-installing Superfish on customers' computers, security experts published directions on how to uninstall the adware and remove the certificate.