Superfish is 'adware': software that automatically displays adverts, and it is not particularly loved at the best of times.
However Robert Graham, CEO of U.S.-based security research firm Errata Security, said Superfish was malicious software that hijacks and throws open encrypted connections, paving the way for hackers to also commandeer these connections and eavesdrop, in what is known as a man-in-the-middle attack.
Graham said that Superfish hurts Lenovo's reputation and demonstrates the deep flaw that the company neither knows nor cares what it bundles on its laptops.
Lenovo has removed Superfish from its consumer computers, but no one at the company was available for comment, as the outfit is closed for the New Year holiday.
Graham and other experts said Lenovo was negligent, and that computers could still be vulnerable even after uninstalling Superfish. The software breaks encryption by installing its own root certificate into the system trust store, giving itself the authority to take over connections and present them to the browser as trusted and secure even when they are not; uninstalling the program does not remove that certificate, so the machine keeps trusting anything signed with it.
"The way the Superfish functionality appears to work means that they must be intercepting traffic in order to insert the ads," said Eric Rand, a researcher at Brown Hat Security. "This amounts to a wiretap."
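The mechanism Graham and Rand describe, an installed private root that lets an interceptor forge a valid-looking certificate for any site, is easy to reproduce with a few lines of standard-library Go. The block below is an added illustration, not code from the article or from Superfish: it builds a constructed "genuine" root and a constructed "adware" root, forges a leaf for a constructed hostname (`bank.example`) with the adware key, and shows that the forgery validates only when the adware root sits in the trust store. `LeftoverRoots` is the post-uninstall check a practitioner would run: it scans the trusted roots for a subject matching a marker string (here the made-up "interceptor"; the real certificate's subject is not given on this page and is not assumed).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// NewRootCA builds a self-signed CA certificate. The adware shipped one of
// these and installed it into the system trust store.
func NewRootCA(commonName string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: commonName},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	return cert, key, nil
}

// ForgeLeaf issues a server certificate for host signed by the CA, which is
// what an intercepting proxy does on the fly for every HTTPS site visited.
func ForgeLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, host string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host}, // SAN is what hostname checks look at
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// TrustedFor performs the check a browser performs: does leaf chain to one of
// the trusted roots and match host?
func TrustedFor(leaf *x509.Certificate, host string, roots []*x509.Certificate) bool {
	pool := x509.NewCertPool()
	for _, r := range roots {
		pool.AddCert(r)
	}
	_, err := leaf.Verify(x509.VerifyOptions{
		DNSName:   host,
		Roots:     pool,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err == nil
}

// LeftoverRoots returns the common names of trusted roots whose subject contains
// marker (case-insensitive). Uninstalling the adware does not remove the root it
// installed, so this is the check to run afterwards; marker is an assumption.
func LeftoverRoots(roots []*x509.Certificate, marker string) []string {
	var found []string
	for _, r := range roots {
		if strings.Contains(strings.ToLower(r.Subject.CommonName), strings.ToLower(marker)) {
			found = append(found, r.Subject.CommonName)
		}
	}
	return found
}

func main() {
	// Constructed scenario: a genuine root and an adware root share one trust store.
	genuine, _, err := NewRootCA("Example Public Root CA")
	if err != nil {
		panic(err)
	}
	adware, adwareKey, err := NewRootCA("Adware Interceptor Root")
	if err != nil {
		panic(err)
	}
	leaf, err := ForgeLeaf(adware, adwareKey, "bank.example")
	if err != nil {
		panic(err)
	}
	fmt.Println("forged cert trusted without adware root:", TrustedFor(leaf, "bank.example", []*x509.Certificate{genuine}))
	fmt.Println("forged cert trusted with adware root:   ", TrustedFor(leaf, "bank.example", []*x509.Certificate{genuine, adware}))
	fmt.Println("suspicious roots still in store:        ", LeftoverRoots([]*x509.Certificate{genuine, adware}, "interceptor"))
}
```

Note that the forged leaf carries no trace of the real site's key: the only thing that makes it "secure" in the browser is the adware root's presence in the store, which is why removing the program alone leaves the machine exposed until that root is deleted.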