Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Lenovo’s Driver Download Site Serving Malware

According to a warning from security researchers, unknown hackers have inserted a malicious iFrame into the support website belonging to Lenovo a major computer manufacturing company in China during the 4th weekend of June 2010.

The researchers as well caution that unwitting surfers visiting the site and searching for drivers become victims of a number of exploits, which load the Bredolab Trojan to their PCs.

Although linked up with the volgo-marun.cn server, this iFrame even then resides on a number of download.lenovo.com pages.

Additionally, the concealed iFrame diverted Web-surfers onto http://volgo-marun.cn/pek/index.php, where an exe.exe named file waited for exploits to load it after abusing many security flaws inside Internet Explorer, Adobe Flash Player and Adobe Reader.

States the Vietnamese anti-virus provider BKIS, the file that's a Bredolab variant starts making a replica of itself, called %Programs%\Startup\monskc32.exe and then connects to a command-and-control server for taking further instructions. The malware resides on the sicha-linna8.com website, the AV vendor reports. Help Net Security published this in news on June 21, 2010.

BKIS further reports that since June 20, 2010, infection has set on the pages. Nevertheless, according to some end-users, they've been receiving security alerts while going to the download website of Lenovo since June 19, 2010.

Other quarters issuing warnings about the affected server are Web browsers Chrome and Firefox. Meanwhile, Lenovo apparently hasn't responded to the problem. Consequently, the security loophole is likely to be still exposed with the result hackers can potentially implant revised iFrame web-links in the context of the download web-pages whenever they may want. Moreover, different virus scanning firms warned of a Trojan downloader featured with a JavaScript.

Meanwhile, it's worth noting that merely 10 of the 41 Virus Total-listed anti-virus programs detected the malevolent executable. Also, Google has blacklisted the full sub-domain, download.lenovo.com through its Safe Browsing service.

Caution the researchers that despite the malevolent .cn domain seeming as off the Net currently, it could again get activated anytime. Hence, computer users are recommended that they avoid the Lenovo support site during the next day or two, by when the manufacturer will likely clean up the mess.

Related article: Limbo Trojan Used to Phish Off Online Banking Credentials

» SPAMfighter News - 6/29/2010

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page