Thursday, June 24, 2010

Lenovo Support Website Infects Visitors with Trojan

Who can you trust?

From technibble.com

"PC manufacturer Lenovo had its support website attacked over the weekend when some hackers infected the site with a rogue IFrame, reports Softpedia.com. Visitors looking for drivers have since then been exposed to several exploits that will infect them with the Bredolab trojan. The Lenovo site had been confirmed as infected since at least Sunday afternoon; there are reports of visitors getting antivirus warnings from the website since Saturday.

The IFrame that was injected into the website points to an exploit kit hosted on the domain volgo-marun.cn. The kit would run a few checks to see what software was on the victim’s computer and then serve an exploit pointed at older versions of Internet Explorer, Adobe Reader, or Flash. The exploit tries to remotely execute a file that contains the Bredolab virus. Le Minh Hung, senior security researcher at Vietnamese antivirus vendor Bkis explains,

These exploit codes attempt to load the file hxxp://volgo-marun.cn/pek/exe.exe, which is a virus, onto the victim’s computer. The virus is a new variant of the Bredolab botnet […]. After being loaded onto the computer, the virus copies itself as %Programs%\Startup\monskc32.exe and receives commands from a C&C server with the domain sicha-linna8.com.

The download.lenovo.com subdomain was blacklisted by Google when the attack was occurring so Firefox or Google Chrome browsers would display a warning when the site was visited. After searching for an update about this attack and visiting the Lenovo support site on my own computer, the attack seems to be cleaned up by now."
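As an added illustration, not code from the article or from Lenovo, here is a small Python check a site owner could run over a fetched copy of a page to flag `<iframe>` elements whose `src` points off the site's own domain, which is the shape of the injection described above. The sample HTML is constructed; the exploit-kit path under volgo-marun.cn is a placeholder, since the report gives only the domain.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Collects the src attribute of every <iframe> in an HTML document."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.srcs.append(value)


def foreign_iframes(html, page_host):
    """Return iframe src values whose host is neither page_host nor one of its
    subdomains. Relative and protocol-relative same-host URLs are not reported,
    so a legitimate in-site frame passes while an injected off-site one is flagged."""
    parser = IframeCollector()
    parser.feed(html)
    page_host = page_host.lower()
    suspicious = []
    for src in parser.srcs:
        host = (urlparse(src).hostname or "").lower()
        if not host:
            continue  # relative src: served from the page's own host
        if host == page_host or host.endswith("." + page_host):
            continue  # same site or a subdomain such as download.lenovo.com
        suspicious.append(src)
    return suspicious


# Constructed sample page (not the real Lenovo HTML): one legitimate in-site
# frame and one injected frame pointing at the exploit-kit domain from the report.
SAMPLE_HTML = """
<html><body>
<h1>Drivers and software</h1>
<iframe src="/support/driver-list"></iframe>
<iframe src="http://volgo-marun.cn/PLACEHOLDER-PATH/" width="0" height="0"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for src in foreign_iframes(SAMPLE_HTML, "lenovo.com"):
        print("off-site iframe:", src)
```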
