Lenovo’s Driver Download Site Serving Malware
According to a warning from security researchers, unknown hackers inserted a malicious iFrame into the support website of Lenovo, a major computer manufacturer in China, during the 4th weekend of June 2010.
The researchers also caution that unwitting visitors searching the site for drivers fall victim to a number of exploits that load the Bredolab Trojan onto their PCs.
Although the iFrame points to the volgo-marun.cn server, it resides on a number of download.lenovo.com pages.
Specifically, the concealed iFrame redirected visitors to http://volgo-marun.cn/pek/index.php, where a file named exe.exe was waiting to be loaded by exploits abusing several security flaws in Internet Explorer, Adobe Flash Player and Adobe Reader.
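The injected frame described above is typical of a drive-by download: a concealed iFrame on a legitimate page whose source lives on an unrelated host. A simple defender-side audit is to parse each page and flag iFrames that are hidden (zero size or display:none) or whose source host differs from the page's own host. The following is an added example, not code from the article or from any vendor it cites; the sample HTML, the placeholder host evil.example, the allowlist and the function names are all constructed for this illustration (in the incident above the off-site host would be volgo-marun.cn relative to download.lenovo.com).

```python
"""Flag suspicious <iframe> elements in an HTML page (added example).

Uses only the standard library so it runs offline. The sample page and
host names below are constructed, not taken from the real site.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: one legitimate same-origin frame, one concealed
# frame pointing at a placeholder attacker domain, and one allowlisted CDN.
SAMPLE_HTML = """
<html><body>
<h1>Driver downloads</h1>
<iframe src="/support/notice.html" width="600" height="200"></iframe>
<iframe src="http://evil.example/pek/index.php" width="0" height="0"
        style="display:none"></iframe>
<iframe src="https://cdn.partner.example/widget" width="300" height="100"></iframe>
</body></html>
"""


class IframeCollector(HTMLParser):
    """Collect the attribute dictionary of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            # attrs is a list of (name, value); value may be None
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _is_hidden(attrs):
    """True if the frame is sized to zero or hidden via its inline style."""
    style = attrs.get("style", "").replace(" ", "").lower()
    zero = attrs.get("width", "").strip() == "0" or attrs.get("height", "").strip() == "0"
    return zero or "display:none" in style or "visibility:hidden" in style


def _frame_host(src):
    """Host name of the frame source, or None for relative URLs."""
    host = urlparse(src).hostname
    return host.lower() if host else None


def find_suspicious_iframes(html, page_host, allowlist=()):
    """Return [(src, [reasons...])] for frames that are hidden or off-site.

    page_host: host of the page being audited (e.g. "download.lenovo.com").
    allowlist: hosts, such as a known CDN, that may legitimately be framed.
    """
    parser = IframeCollector()
    parser.feed(html)
    allowed = {h.lower() for h in allowlist}
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        reasons = []
        if _is_hidden(attrs):
            reasons.append("hidden")
        host = _frame_host(src)
        if host is not None and host != page_host.lower() and host not in allowed:
            reasons.append("off-site:" + host)
        if reasons:
            findings.append((src, reasons))
    return findings


if __name__ == "__main__":
    # Audit the constructed page as if it were served from download.lenovo.com
    for src, reasons in find_suspicious_iframes(
        SAMPLE_HTML, "download.lenovo.com", allowlist={"cdn.partner.example"}
    ):
        print(src, reasons)
```

Run against the fetched HTML of each page in a site crawl, the function reports only the concealed off-site frame; a same-origin notice frame and an allowlisted CDN frame pass. A hit on a page that is not supposed to embed any frame at all is a strong indicator of the kind of injection this article reports.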
According to the Vietnamese anti-virus provider BKIS, the file, a Bredolab variant, first copies itself to %Programs%\Startup\monskc32.exe and then connects to a command-and-control server for further instructions. The malware is hosted on the sicha-linna8.com website, the AV vendor reports. Help Net Security published this news on June 21, 2010.
BKIS further reports that the pages have been infected since June 20, 2010. However, some end-users say they have been receiving security alerts when visiting Lenovo's download website since June 19, 2010.
Meanwhile, it is worth noting that only 10 of the 41 anti-virus engines listed on VirusTotal detected the malicious executable. Google has also blacklisted the entire sub-domain download.lenovo.com through its Safe Browsing service.
The researchers caution that although the malicious .cn domain currently appears to be offline, it could be reactivated at any time. Computer users are therefore advised to avoid the Lenovo support site for the next day or two, by which time the manufacturer will likely have cleaned up the mess.
» SPAMfighter News - 29-06-2010