[w-ll]

Is this project really from Lenovo? The github profile has just this 1 project?

[taspeotis]

Yes, Lenovo link to it themselves [1].

[1] http://support.lenovo.com/us/en/product_security/superfish_u... "Automatic Removal Tool Source code"

[cma]

Also possible that a Lenovo employee was at a coffee shop using wifi connected to the corporate CMS using http"s" and someone unrelated to Lenovo linked their fake repo on his/her behalf.

[fpgeek]

The account page is using the Lenovo logo. If it isn't them, I'd expect Github to get a takedown request ASAP, especially considering the current situation.

[bdkoepke]

The direct-download url is also from lenovo.

http://download.lenovo.com/pccbbs/thinkvantage_en/metroapps/...