Superfish VisualDiscovery

By GoldSparrow in Adware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 7
First Seen: February 23, 2015
Last Seen: July 28, 2020
OS(es) Affected: Windows

After a wide variety of security issues involving Superfish VisualDiscovery, Microsoft, Lenovo, and other manufacturers have decided to remove the certificates associated with Superfish VisualDiscovery. These will be completely eliminated on Windows, meaning that computer users can rest assured knowing that the Superfish VisualDiscovery advertisement injection methods and similar problems are a thing of the past. For a while, the Superfish VisualDiscovery Web browser add-on was being employed to generate rogue certificates that undermined the security of Internet connections. This caused Superfish VisualDiscovery to become the target of criticism. The problem linked to Superfish VisualDiscovery lies not in the Superfish VisualDiscovery application itself but in the careless way the root certificate and encryption were handled. In fact, computer users were still at risk from security issues involving Superfish VisualDiscovery even if the program was uninstalled.

Security Issues Linked to Superfish VisualDiscovery

The private key of the Superfish VisualDiscovery root certificate is available locally, a huge no-no in security, because it can then be decrypted and extracted with little effort. With that private key, a third party could carry out attacks over compromised networks to intercept encrypted data between client and server without making their presence known! Even if the Superfish VisualDiscovery application is eliminated by uninstalling it, the root certificate might remain behind, meaning that the risk continues on the affected Web browser. Essentially, the Superfish VisualDiscovery add-on would be associated with several browsers on the affected computer, creating certificate entries which may then be exploited.
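
Because the root certificate can outlive the uninstalled application, a direct check of the Windows trust stores is more reliable than checking the installed-programs list. The following PowerShell is an added example, not a tool from this article or from Lenovo or Microsoft; the function name is hypothetical, and matching on the string 'Superfish' in the certificate subject or issuer is an assumption.

```powershell
# Added example: audit the Windows trusted-root stores for a leftover
# interception certificate. The 'Superfish' name match is an assumption.
function Find-LeftoverRootCertificate {
    [CmdletBinding()]
    param(
        # Substring expected in the certificate subject or issuer (assumed).
        [string]$NamePattern = 'Superfish',
        # Stores whose entries act as trust anchors for the machine or user.
        [string[]]$StorePaths = @(
            'Cert:\LocalMachine\Root',
            'Cert:\CurrentUser\Root',
            'Cert:\LocalMachine\AuthRoot',
            'Cert:\CurrentUser\AuthRoot'
        )
    )

    foreach ($path in $StorePaths) {
        # Skip stores that do not exist on this system.
        if (-not (Test-Path -Path $path)) { continue }

        Get-ChildItem -Path $path |
            Where-Object {
                $_.Subject -like "*$NamePattern*" -or $_.Issuer -like "*$NamePattern*"
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $path
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    NotAfter      = $_.NotAfter
                    # Subject equal to issuer means a self-signed root.
                    SelfSigned    = ($_.Subject -eq $_.Issuer)
                    HasPrivateKey = $_.HasPrivateKey
                }
            }
    }
}

$hits = @(Find-LeftoverRootCertificate)
if ($hits.Count -eq 0) {
    Write-Output 'No matching certificate found in the Windows root stores.'
} else {
    $hits | Format-List
    Write-Warning "$($hits.Count) matching certificate(s) are still trusted."
}
```

Firefox keeps its own certificate store, so a clean result here does not cover Firefox profiles; those need to be checked separately.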

What is Superfish VisualDiscovery?

Superfish VisualDiscovery acts like a typical PUP, or Potentially Unwanted Program. Its main purpose is to insert advertisements into websites viewed by computer users in order to point them to special online deals or shopping opportunities. PC security researchers cannot stress enough that Superfish VisualDiscovery is not threatening. However, Superfish VisualDiscovery uses a poorly implemented proxy server built on an SSL Digestor engine, which may be used to create root CA certificates and private keys. Other programs that rely on it use the same password, which may be easily cracked and used for unwanted purposes.

Superfish VisualDiscovery may be installed automatically, or without the computer users' knowledge of the full implications of installing it. Essentially, PUPs like Superfish VisualDiscovery are installed by including them during the installation of other software. One particularly worrying issue with Superfish VisualDiscovery is that it was included in Lenovo-brand notebooks, which meant that unknowing consumers were exposed to this security risk.

Known Exposure to Superfish VisualDiscovery

Superfish VisualDiscovery was pre-installed on some Lenovo computers between September of 2014 and January of the following year. One Web browser particularly affected by this problem is Mozilla Firefox. Microsoft has now added protection against Superfish VisualDiscovery in Windows Defender and Microsoft Security Essentials. Lenovo has also released an automated tool that allows computer users to remove Superfish VisualDiscovery and its associated root certificate.

The Superfish VisualDiscovery Problem in a Nutshell

All the talk of root certificates and other technical terms may become off-putting to regular consumers. PC security analysts have condensed this situation as follows:

  • Superfish VisualDiscovery is a known adware add-on or PUP. While not threatening, Superfish VisualDiscovery was used to insert advertisements on Web browsers.
  • Superfish VisualDiscovery has a known vulnerability that would allow a third-party to intercept encrypted data.
  • Superfish VisualDiscovery was being installed by default, and removing Superfish VisualDiscovery did not remove the vulnerability.
  • Microsoft, Lenovo, and other affected parties have decided to stop supporting Superfish VisualDiscovery and have released tools and updates that allow the complete removal of Superfish VisualDiscovery and content associated with this adware extension.

If Superfish VisualDiscovery is installed on your Web browser, PC security researchers recommend the use of a fully updated malware remover to ensure that all security issues have been patched.