Lenovo’s download site has been infected with malicious codes since Sunday’s afternoon, June 20th; so users should be careful on visiting this site.
Many web pages on Lenovo’s download site are appended with an iframe which leads users to volgo-marun . cn/pek/index.php
Decoding the iframe, we find many vulnerabilities in Internet Explorer have been taken advantage to launch the attack.
The virus is a new variant of Bredolab Botnet with following MD5: F5A44C63F8777F544931ABC763F88EE3
For the time being, the scan result on Virus Total shows that only 10/40 AVs can detect this virus variant.