
HTTPS-busting tech found in more products

23 February 2015


Lenovo not the only Superfish user

The same HTTPS-breaking technology recently found preinstalled on Lenovo laptops has been found in 12 new titles.

It turns out that Lenovo wasn't the only one using SSL certs that unlock every SSL site on the Internet.

Trojan.Nurjax, a malicious program Symantec discovered in December, hijacks the Web browsers of compromised computers and may download additional threats.

Matt Richard, a threats researcher at Facebook, said that Nurjax is one example of newly found software that incorporates HTTPS-defeating code from an Israeli company called Komodia.

Combined with the Superfish ad-injecting software preinstalled on some Lenovo computers and three additional applications, there are now 14 known apps that use Komodia technology.
Named and shamed are CartCrunch Israel, WiredTools, Say Media Group, Over the Rainbow Tech, System Alerts, ArcadeGiant, Objectify Media, Catalytix Web Services and OptimizerMonitor.
Richard said that all these applications make people less secure through their use of an easily obtained root CA [certificate authority], that they provide little information about the risks of the technology, and that in some cases they are difficult to remove.

"These intercepting SSL proxies won't keep up with the HTTPS features in browsers (e.g., certificate pinning and forward secrecy), meaning they could potentially expose private data to network attackers. Some of these deficiencies can be detected by antivirus products as malware or adware, though from our research, detection successes are sporadic."

Komodia can bypass Secure Sockets Layer (SSL) protections by modifying the network stack of computers that run its underlying code. It installs a self-signed root CA certificate that allows the library to intercept encrypted connections from any HTTPS-protected website on the Internet.

Superfish CEO Adi Pinhas issued a statement on Friday saying Superfish software posed no security risk.

Last modified on 23 February 2015