Our friends at IBM have been pre-loading Superfish, a "visual search" tool that includes adware that fakes the encryption certificates for every HTTPS-protected site you visit, on its PCs since at least the middle of 2014.
------------List of infected machines at bottom of page!--------------
Essentially, the software conducts a man-in-the-middle attack to fill the websites you visit with ads, and leaves you vulnerable to hackers in its wake. The adware built into Superfish is designed to inject visual price-comparison ads into the web pages you visit, in a “Visual Search results” section “powered by Visual Discovery.”
If you see that, you’re affected (though maybe “infected” is the better word to use).
Uninstalling the software is easy: just head to Control Panel > Programs > Uninstall a Program and look for Visual Discovery. If you see it, uninstall it!
Ditch that troublesome root certificate
The biggest problem with Superfish isn’t the adware itself so much as the way it hijacks legitimate SSL traffic. It does so by installing a self-generated root certificate in the Windows certificate store (a hallowed area usually reserved for trusted certificates from major companies like Microsoft and VeriSign) and then re-signing all SSL certificates presented by HTTPS sites with its own certificate.
In other words, Superfish conducts a man-in-the-middle attack and breaks the sanctity of HTTPS encryption. And simply removing the adware itself doesn’t remove the rogue root certificate.
You can revoke that certificate manually:
First, press Windows key + R on your keyboard to bring up the Run tool, then type certmgr.msc and press Enter to open your PC’s certificate manager.
Once that opens, click on “Trusted Root Certification Authorities” in the left-hand navigation pane, then double-click “Certificates” in the main pane. A list of all trusted root certificates will appear. Find the Superfish entry, then right-click on it and select “Delete.”
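The same check can be scripted, which is handy when you have more than one machine to audit. The PowerShell below is an added example, not part of the original article or anything Lenovo supplied: it lists root certificates whose subject or issuer contains "Superfish" (an assumption based on the entry name mentioned above) and deletes them only when run with -Remove.

```powershell
# Added example: audit the Windows trusted root stores for a Superfish entry.
# Assumption: the certificate's subject or issuer contains "Superfish",
# the entry name the article says to look for in certmgr.msc.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$Pattern = 'Superfish',  # regex matched against Subject and Issuer
    [switch]$Remove                  # delete the matches instead of only listing them
)

# Check the machine-wide store as well as the per-user view; the same
# certificate may be listed under both.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $Pattern -or $_.Issuer -match $Pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                Path       = $_.PSPath
            }
        }
}

if (-not $found) {
    Write-Output "No trusted root certificate matching '$Pattern' was found."
    return
}

$found | Format-Table Store, Subject, Thumbprint, NotAfter -AutoSize

if ($Remove) {
    # Deleting from LocalMachine requires an elevated PowerShell session.
    foreach ($cert in $found) {
        if ($PSCmdlet.ShouldProcess("$($cert.Subject) in $($cert.Store)", 'Delete root certificate')) {
            try   { Remove-Item -LiteralPath $cert.Path -ErrorAction Stop }
            catch { Write-Warning "Could not delete $($cert.Thumbprint): $($_.Exception.Message)" }
        }
    }
}
```

Run it once without -Remove to see what matches, then again with -Remove (optionally adding -WhatIf first) to delete the entries.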
Is your Lenovo on the list?
Lenovo has released a list of affected systems, but the wording is rather odd. The company states that Superfish may have appeared on the following models: (emphasis added)
G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45
U Series: U330P, U430P, U330Touch, U430Touch, U530Touch
Y Series: Y430P, Y40-70, Y50-70
Z Series: Z40-75, Z50-75, Z40-70, Z50-70
S Series: S310, S410, S40-70, S415, S415Touch, S20-30, S20-30Touch
Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 14(BTM), Flex2 15(BTM), Flex 10
MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11
YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11BTM, YOGA2-11HSW
E Series: E10-30