Apparently visitors to the Samsung US website are having the pleasure of receiving a trojan as part of their visit. This is according to a report by Websense Security Labs.
Websense® Security Labs™ has received reports that the Samsung Telecom website is hosting malicious code. The site, which is hosted in the United States, has been hosting a number of directories and files which, when downloaded and run, install malicious code on end-users’ machines.
The server appears to have been compromised and has been hosting a variety of files for some time (the owners have been contacted).
The most current code, which is still available for download, is a Trojan Horse that attempts to disable anti-virus programs, modify registry keys, download additional files, and log keystrokes when connecting to banking websites.
Currently there is no exploit code on the website that attempts to trigger a download of the file without user interaction. The site is hosting and most likely distributing files to users who are lured through Instant Messaging or email links.
Way to go guys.
