Lenovo's Driver Download Site Serving Malware
By SPAMfighter News, [2010-06-29] at 11:46:52
Overview: According to a warning from security researchers, unknown hackers inserted a malicious iFrame into the support website of Lenovo, a major computer manufacturing company in China, during the 4th weekend of June 2010. The researchers also caution that unwitting visitors who search the site for drivers become victims of a number of exploits, which load the Bredolab Trojan onto their PCs.

Although it is linked to the volgo-marun.cn server, the iFrame itself resides on a number of download.lenovo.com pages. The concealed iFrame diverted web surfers to http://volgo-marun.cn/pek/index.php, where a file named exe.exe waited for exploits to load it after abusing many security flaws in Internet Explorer, Adobe Flash Player and Adobe Reader.

According to the Vietnamese anti-virus provider BKIS, the file, a Bredolab variant, makes a copy of itself called %Programs%\Startup\monskc32.exe and then connects to a command-and-control server for further instructions. The malware resides on the sicha-linna8.com website, the AV vendor reports. Help Net Security published this in news on June 21, 2010.

BKIS further reports that the pages have been infected since June 20, 2010. Nevertheless, some end-users say they have been receiving security alerts when visiting Lenovo's download website since June 19, 2010. The Chrome and Firefox web browsers have also issued warnings about the affected server.

Meanwhile, Lenovo apparently hasn't responded to the problem. Consequently, the security loophole is likely still exposed, so hackers could implant revised iFrame links into the download pages whenever they want. Moreover, various virus-scanning firms warned of a Trojan downloader featuring JavaScript.

It's also worth noting that merely 10 of the 41 VirusTotal-listed anti-virus programs detected the malicious executable. Google has also blacklisted the full sub-domain, download.lenovo.com, through its Safe Browsing service. The researchers caution that although the malicious .cn domain currently appears to be offline, it could be reactivated at any time. Hence, computer users are advised to avoid the Lenovo support site during the next day or two, by which time the manufacturer will likely have cleaned up the mess.