The world's largest maker of personal computers faced criticism from cybersecurity specialists regarding Superfish's ability to monitor Web behavior and suggest advertisements based on images that a user might be viewing. The technology essentially broke the encryption between Web browsers and banking, e-commerce and other sites that handle sensitive information, potentially exposing machines to hacking.
The hack of lenovo.com was corrected in about an hour, said Andrew Hay, director of security research at OpenDNS, a San Francisco-based security company. Based on publicly accessible information, the attack involved altering the records of Lenovo's domain-name registrar, which is Web Commerce Communications Ltd, located in Kuala Lumpur.
"The major walking-away point is all those domains you registered years ago. It's time to go back and look at the settings," Hay said.
An attack against a company's domain-name registrar is not an attack directly against the company itself. It is a circuitous way to hijack a company's Web traffic by telling Internet servers to go to a different address than the company's homepage.