1:31 AM
Warning! Samsung Site Hosting Crimeware
network456
Thursday, September 07, 2006: Websense Security Labs has received reports that the Samsung Telecom website is hosting malicious code. The site, hosted in the US, has been hosting a number of directories and files which, when downloaded and run, install malicious code on end-users' machines.
According to Websense, the server appears to have been compromised and has been hosting a variety of files for some time.The most current code, which is still available for download, is a Trojan Horse that attempts to disable anti-virus programs, modify registry keys, download additional files and log keystrokes when connecting to banking websites, informs Websense.Currently, there is no exploit code on the website that attempts to trigger a download of the file without user interaction. The site is hosting and most likely distributing files to users who are lured through Instant Messaging or e-mail links.
According to Websense, the server appears to have been compromised and has been hosting a variety of files for some time.The most current code, which is still available for download, is a Trojan Horse that attempts to disable anti-virus programs, modify registry keys, download additional files and log keystrokes when connecting to banking websites, informs Websense.Currently, there is no exploit code on the website that attempts to trigger a download of the file without user interaction. The site is hosting and most likely distributing files to users who are lured through Instant Messaging or e-mail links.