You may have heard of “Superfish” as it’s the latest Panic Du Jour in the media, but there’s a lot of nonsense going about. Here’s the bottom line.
If you’ve bought a consumer (i.e., not business) Lenovo computer in the last five months, it probably came with some software called Superfish. Lenovo stopped bundling it in December, but those machines will probably have continued to sell for a while.
This software is supposed to be some sort of image-based search tool, but the way it operates presents a very real security risk. Whilst it’s not technically malware per se, it uses some pretty nefarious tactics.
I’d urge you (if you’ve got a recent Lenovo) to check for its presence and uninstall it if you find it. Moreover, you also need to remove a component it leaves behind. There are full instructions on Sophos’s blog site here.
If you want a sensible technical overview of what it’s doing, there’s a great article on their site too, here.