As reported by Heise Online ( link), members at a German Thinkpad forum have noticed that some Lenovo Driver pages were infected with a Trojan dropper for a couple of days.
To be clear, it was an injected I-frame within the html page that caused infections.
Drivers, EXE files and Bios files were/are NOT infected.
Lenovo has cleaned up the site by now but for those NBR users who have visited those pages the last couple of days and didn't receive any warning from their security software, it might be wise to perform a scan with another program.
The java-based dropper was apparantly the Phoenix Kit and activated, it downloaded the Bredolab trojan.
More info on this nasty can be found on WildersSecurity were the I-frame has been 'dissected' in this thread.
Java-based Trojan downloader at Lenovo driver download page
Discussion in 'Security and Anti-Virus Software' started by Baserk, Jun 22, 2010.