Samsung site hijacked as malware host
The U.S. corporate website of Samsung Telecom has been hijacked and used to host and distribute malware, security vendor Websense has revealed.
Reported to the company only recently, it is believed that the U.S.-based server contained a number of directories and files which, if downloaded and run, would have infected PCs with malicious code.
How long the malware has been sitting on the servers is not known, though Websense feels it was probably "some time." Simply visiting the site wouldn't have promoted an infection, the vendor said, and would have required user interaction, most probably after being lured through scam instant messages or emails.
Websense described the malware as being a "Trojan Horse that attempts to disable anti-virus programs, modify registry keys, download additional files, and log keystrokes when connecting to banking websites."
After claiming the malware was "still available for download" as of Sept. 7, it now appears that Samsung has removed the files. "Websense has contacted Samsung in this case. This is protocol for all major exploits of this nature," a spokesperson told us.
Hijacking websites to host malware is a common exploit, though it is still rare for it to go unnoticed on branded websites for any length of time. Reproduction websites have appeared in the past, while elements on real pages, such as banner ads, have also been taken over to spread worms.
Fortinet Cures Mobile Phone “Curse of Silence/CurseSMS” Attack 2009-01-07 16:30:00+11
SEAGATE SHIPS DESKTOP HARD DRIVE WITH WORLD’S HIGHEST AREAL DENSITY – 500GB PER DISK 2009-01-06 15:34:00+11
New FileMaker Pro 10 Ships With Sleek New Interface and Breakthrough Reporting and Automating Features 2009-01-06 12:21:00+11
Lexar extends KODAK offering with Secure Digital High-Capacity, High-Speed Memory Card 2009-01-06 09:36:00+11
Dimension Data Establishes the Steve Ross Scholarship 2008-12-19 12:45:00+11
