# Complaint filed against Lenovo over pre-installed Superfish adware

A [complaint](http://www.coreyvarma.com/wp-content/uploads/2015/02/S.D.-Cal.-15-cv-00368-dckt-000001_000-filed-2015-02-19.pdf) [has been](http://www.coreyvarma.com/wp-content/uploads/2015/02/S.D.-Cal.-15-cv-00368-dckt-000001_000-filed-2015-02-19.pdf) filed against Lenovo in the U.S. District Court for the Southern District of California for Lenovo’s [admitted](http://news.lenovo.com/article_display.cfm?article_id=1929) [(pdf](http://news.lenovo.com/article_display.cfm?article_id=1929)[)](http://www.coreyvarma.com/wp-content/uploads/2015/02/LENOVO-STATEMENT-ON-SUPERFISH.pdf) preloading of Superfish adware on their customers’ computers.

Superfish injects product recommendations into search results and displays ads on otherwise legitimate pages. But, it also includes a universal self-signed certificate authority. This universal certificate authority allows man-in-the-middle attacks to inject ads even on secure encrypted (SSL) pages without triggering browser security warnings. Thus, making Lenovo laptops vulnerable to malware and malicious man-in-the-middle attacks. Additionally, Superfish adware uses memory resources and consumes bandwidth, affecting computer and network performance.

The Plaintiff, a blogger from San Diego, Jessica Bennett, alleges her laptop was damaged as a result of Lenovo’s pre-installation of Superfish on her laptop.

The complaint requests a jury trial and class action certification. The complaint charges both Lenovo and Superfish with violations of: The California Invasion of Privacy Act (CIPA); The Federal Electronic Communications Privacy Act (ECPA); Trespass to personal chattel under California common law; and “fraudulent” business practices under California’s Unfair Competition Law.
