Updates to our Terms of Use

We are updating our Terms of Use. Please carefully review the updated Terms before proceeding to our website.

Friday, July 12, 2024 | Back issues
Courthouse News Service Courthouse News Service

Lenovo May Face Claims Over Installed Malware

SAN JOSE, Calif. (CN) - A federal judge said Friday that plaintiffs claiming Lenovo installed malicious adware on computers it sold to them have standing to bring their case, despite taking issues with some of their claims.

"There are sufficient allegations for standing," U.S. District Judge Ronald Whyte said Friday morning during a hearing on Lenovo's motion to dismiss.

Lenovo attorney Daniel Stephenson, with the firm K&L Gates, said the adware at issue in the complaint has since been addressed by the company, meaning there was little to no injury to the plaintiffs.

"The security anxiety over this software on Lenovo computers never manifested," Stephenson said. "It's been 19 months since these computers went online and there have been no hacking incidents and (the malware) has been removed from all computers."

Plaintiff attorney Andre Mura, with Gibbs Law Group, countered by telling Whyte that the fundamental operation of the malware installed by Lenovo was by definition hacking.

"Lenovo said it did not circumvent any technological barriers, but the malware de-encrytped then re-encrypted communication without authorization," Mura said.

The dispute stems from Lenovo's decision to install Superfish Visual Discovery programs, known in computer science lexicon as malware, on dozens of notebook models it shipped to customers no later than September 2014, according to court documents.

The installed Superfish malware intercepted images contained on Internet pages visited by the user, analyzed the images, and then presented the user with related advertisements. The multiple suits filed in court since the discovery of the malware installation accused Lenovo of failing to disclose the software's presence, going out of its way to prevent detection of the malware and using it to illicitly enhance its revenue stream.

The complaints say the malware made users more susceptible to hacking, which would endanger private information such as bank accounts.

"In comparison to the typical adware, the Superfish malware installed on Lenovo computers is far more nefarious," one of the complaints states. "Among other things, the software injected advertising into browsing sessions, hijacked secure connections, collected data, monitored activity, gathered personal information and left computer users vulnerable to outside attacks."

One of the plaintiffs, Jessica Bennett, claims the malware hurt her personal blogging business when inappropriate advertisements generated by the malware began appearing on her client's blogs and websites, which she accessed through her Lenovo computer.

In early 2015, when news of the malware installation broke, Lenovo's chief technology officer apologized for installing Superfish on the computers, saying the company "really messed up."

Stephenson said Friday that the apology and the subsequent removal of the software from computers means "there is very little in the way of harm or injury" to the plaintiffs.

Bennett, however, continues to seek not only injunctive relief but also restitution and damages for the harm to her business. Other plaintiffs are also seeking damages for what they claim are Lenovo's violations of several statutes including the Computer Fraud and Abuse Act and the Federal Wiretap Act.

Whyte indicated he was less likely to consider some of the alleged violations if the case were to move forward.

"I think the claim for conspiracy to commit computer fraud is not an adequate pleading of conspiracy," Whyte said.

Mura said the plaintiffs were willing to shore up their allegations if the court directed, but maintained a conspiracy to commit fraud was perpetrated by Lenovo and Superfish.

"We have alleged a concerted agreement by Lenovo and Supervish to create visual discovery and establish a revenue stream and to do so without authorization," Mura said.

Stephenson argued the computers were owned by Lenovo at the time, so no authorization was needed.

Whyte said he would rule on the motion to dismiss in the coming weeks.

"We are looking forward to a ruling," Mura said following the hearing.

Stephenson declined to comment.

Follow @@MatthewCRenda
Categories / Uncategorized

Subscribe to Closing Arguments

Sign up for new weekly newsletter Closing Arguments to get the latest about ongoing trials, major litigation and hot cases and rulings in courthouses around the U.S. and the world.