Lenovo website distributed malicious code
Hackers have attacked the driver-download support website of Lenovo, a leading Chinese computer manufacturer, and inserted malicious code into it. Many users searching for computer drivers on this website have had their systems infected with the Bredolab trojan.
According to Bkis, many customers who accessed the Lenovo website on June 22 and 23 to download drivers received a warning from their security program announcing malicious code on the site.
The ESET NOD32 Antivirus security program identifies the PDF file with embedded malicious code as a trojan (Photo: Internet)
The exploit code is hosted on volgo-marun(.)cn. After performing a number of checks to identify software with security flaws installed on the visitor's system, the exploit code targets old security vulnerabilities in the Internet Explorer browser, Adobe Reader or Adobe Flash Player.
"These exploit codes will download the volgo-marun.cn/pek/exe.exe file (identified as a virus) onto the victim's computer. The virus is a variant of the Bredolab botnet. After successful penetration, the virus will clone itself to %Programs%\Startup\monskc32.exe and receive commands from the server with the domain name sicha-linna8.com," according to the Bkis blog.
The new variant of the malicious code was detected by only 10/41 antivirus programs when tested on VirusTotal. The download.lenovo.com subdomain has been blacklisted by Google's Safe Browsing service. Accordingly, users of the Firefox and Chrome browsers will receive malicious code alerts when opening resources on this site.
The Google Safe Browsing page that blocks access and warns of malicious code (dark red frame in the middle of the page) (Photo: Internet)
For now, users are advised to avoid the download.lenovo.com website until the team responsible has cleaned out the malicious code and patched the vulnerability to prevent hackers from breaking in again.
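As an added example (not code from Bkis or from the original article), the following Python sketch triages web-proxy logs against the indicators reported above, separating clients that only reached the exploit host from those that fetched the payload or contacted the command server. The log format, the sample lines and the stage names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

def refang(indicator):
    """Normalise defanged notation such as 'volgo-marun (.) Cn' or 'a[.]b'."""
    return re.sub(r"\s*[\[(]\.[\])]\s*", ".", indicator).strip().lower()

# Indicators as reported in the article; log format and sample lines are constructed.
EXPLOIT_HOST = refang("volgo-marun (.) Cn")
PAYLOAD_PATH = "/pek/exe.exe"
C2_HOST = refang("sicha-linna8.com")
RANK = {"exposed": 1, "payload": 2, "c2": 3}

def host_matches(host, indicator):
    """Match the indicator or its subdomains, but not look-alike names."""
    host = host.lower().rstrip(".")
    return host == indicator or host.endswith("." + indicator)

def triage(log_lines):
    """Map each client IP to the furthest stage of the described chain it reached."""
    result = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # ignore malformed lines
        _ts, client, _method, url, status = parts
        target = urlsplit(url)
        host = target.hostname or ""
        if host_matches(host, C2_HOST):
            stage = "c2"  # check-in with the command server
        elif host_matches(host, EXPLOIT_HOST):
            got_file = target.path.lower() == PAYLOAD_PATH and status == "200"
            stage = "payload" if got_file else "exposed"
        else:
            continue
        if RANK[stage] > RANK.get(result.get(client), 0):
            result[client] = stage
    return result

SAMPLE_LOG = [  # constructed: timestamp client method url status
    "06-22T09:14:02 10.0.0.11 GET http://download.lenovo.com/ 200",
    "06-22T09:14:03 10.0.0.11 GET http://volgo-marun.cn/ 200",
    "06-22T09:14:05 10.0.0.11 GET http://volgo-marun.cn/pek/exe.exe 200",
    "06-22T09:15:40 10.0.0.11 POST http://sicha-linna8.com/ 200",
    "06-22T10:02:11 10.0.0.12 GET http://volgo-marun.cn/pek/exe.exe 403",
    "06-23T08:30:00 10.0.0.13 GET http://notvolgo-marun.cn/pek/exe.exe 200",
]

print(triage(SAMPLE_LOG))
```

Clients at the "payload" or "c2" stage are the ones to check for the startup-folder copy named in the Bkis quote.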
Share by Jessica Tanner