Lenovo Installs Malware on the Computers It Sells

ZDNet.com reported on 12th August, 2015 stating that Lenovo has been found using a technique, which some malware often use to withstand being deleted, to reinstall unwanted software on the computers it sells.

It has been reported on a number of forums and news-sharing sites, some users have charged Lenovo for overwriting Windows files to ensure its own-brand software and tools being installed even after a clean install of the operating system.

The issue was first reported initially in May 2015 but was reported in detail on Tuesday, 11th August, 2015.

The "rootkit"-style covert installer called Lenovo Service Engine (LSE) conceals in the BIOS/UEFI of Lenovo notebooks. Notably, a rootkit is a program which is generally a virus which loads prior to Windows and making it almost unattainable for security software solutions to intercept or remove it.

In this case, Lenovo's rootkit was present to ensure that Lenovo systems have a program known as OneKey Optimizer. If the program gets installed, LSE would remake it even if the laptop owner scrubbed their hard drive and installed a new copy of Windows.

LSE works in such a way that it turns from a shady ploy to a disaster. When it gets updates, it doesn't employ an encrypted Internet link. Hackers who could intercept the connection and could employ it to install anything on your system they wanted which is bad news.

This is the second instance in six months in which Lenovo has been caught for similar issue. Researchers identified in February a utility known as Superfish on Lenovo laptops which functions as an HTTP proxy and performs man-in-the-middle interception of requests and breeds certificates for HTTPS connections. Threatpost.com reported on 13th August, 2015 stating that Rob Graham, a researcher, splintered the password for the utility and the certificate for Superfish were identical on all impacted laptops.

The good news is that Lenovo is rectifying this situation quickly unlike the Superfish catastrophe.

Komando.com reported on 13th August, 2015 stating that when Roel Schouwenberg, a security researcher, brought dangers to the attention of Lenovo, it launched a tool to halt LSE and stopped installing it on new computers during June 2015.

» SPAMfighter News - 8/24/2015