The Notebook Review forums were hosted by TechTarget, who shut down them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.
Problems? See this thread at archive.org.

    Java-based Trojan downloader at Lenovo driver download page

    Discussion in 'Security and Anti-Virus Software' started by Baserk, Jun 22, 2010.

  1. Baserk

    Baserk Notebook user

    Reputations:
    2,503
    Messages:
    1,794
    Likes Received:
    1
    Trophy Points:
    56
    As reported by Heise Online ( link), members at a German Thinkpad forum have noticed that some Lenovo Driver pages were infected with a Trojan dropper for a couple of days.

    To be clear, it was an injected I-frame within the html page that caused infections.
    Drivers, EXE files and Bios files were/are NOT infected.

    Lenovo has cleaned up the site by now but for those NBR users who have visited those pages the last couple of days and didn't receive any warning from their security software, it might be wise to perform a scan with another program.

    The java-based dropper was apparantly the Phoenix Kit and activated, it downloaded the Bredolab trojan.

    More info on this nasty can be found on WildersSecurity were the I-frame has been 'dissected' in this thread.
     
    Baserk, Jun 22, 2010
    #1