Lenovo’s download site infected with Bredolab botnet

Lenovo’s download site has been infected with malicious code since the afternoon of Sunday, June 20th, so users should be careful when visiting this site.

Many web pages on Lenovo’s download site have had an iframe appended that leads users to volgo-marun . cn/pek/index.php

Decoding the iframe, we find that many vulnerabilities in Internet Explorer are exploited to launch the attack.
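One way a site owner could audit saved copies of their pages for the kind of appended iframe described above. This is an added example, not code from the original post. It flags iframes whose source host is not on an allowlist and iframes that appear after the closing `</html>` tag, which is an assumption about what an appended iframe looks like. The host names, the allowlist and the sample page are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class IframeAudit(HTMLParser):
    """Record iframes that load from an unlisted host or sit after </html>."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.html_closed = False
        self.findings = []

    def handle_endtag(self, tag):
        if tag == "html":
            self.html_closed = True

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        src = dict(attrs).get("src") or ""
        # Relative URLs have no hostname and stay on the serving site.
        host = (urlparse(src).hostname or "").lower()
        offsite = bool(host) and host not in self.allowed
        if offsite or self.html_closed:
            self.findings.append({"line": self.getpos()[0], "src": src,
                                  "offsite": offsite,
                                  "appended": self.html_closed})

def audit_page(html, allowed_hosts):
    """Return one finding per suspicious iframe in an HTML document."""
    parser = IframeAudit(allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: a legitimate page with one iframe added after </html>.
SAMPLE_PAGE = """<html><body>
<h1>Driver downloads</h1>
<iframe src="/help/frame.html"></iframe>
<iframe src="https://cdn.downloads.example/player.html"></iframe>
</body></html>
<iframe src="http://injected.example/index.php"></iframe>
"""
ALLOWED = {"downloads.example", "cdn.downloads.example"}  # assumed allowlist

if __name__ == "__main__":
    for f in audit_page(SAMPLE_PAGE, ALLOWED):
        print(f)
```

Hosts are matched exactly, so every legitimate subdomain has to be listed in the allowlist.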

The virus is a new variant of the Bredolab botnet with the following MD5: F5A44C63F8777F544931ABC763F88EE3

For the time being, the scan result on VirusTotal shows that only 10/40 AVs can detect this virus variant.

http://blog.bkis.com/en/lenovo-download-site-infected-with-bredolab-botnet/ via http://www.net-security.org/malware_news.php?id=1382
