funsec mailing list archives

Websense: Samsung Telecom Site Hosting Crimeware


From: "Fergie" <fergdawg () netzero net>
Date: Wed, 6 Sep 2006 20:53:34 GMT

Just ran across this...

[snip]

Websense® Security Labs™ has received reports that the Samsung Telecom
website is hosting malicious code. The site, which is hosted in the
United States, has been hosting a number of directories and files
which, when downloaded and run, install malicious code on end-users'
machines.

The server appears to have been compromised and has been hosting a
variety of files for some time (the owners have been contacted).

The most current code, which is still available for download, is a
Trojan Horse that attempts to disable anti-virus programs, modify
registry keys, download additional files, and log keystrokes when
connecting to banking websites.

Currently there is no exploit code on the website that attempts to
trigger a download of the file without user interaction. The site is
hosting and most likely distributing files to users who are lured
through Instant Messaging or email links.

[snip]

More:
http://www.websense.com/securitylabs/alerts/alert.php?AlertID=604

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

