Support in other languages: 
Reply
Guru
Mornsgrans
Posts: 2,438
Registered: ‎03-19-2009
Location: Idar-Oberstein, Germany
Accepted Solution

Warning - Lenovo download-site is infected by trojan downloader - RESOLVED

[ Edited ]

Hello

the following Driver matrices sites for Thinkpads contain a link to a trojan downloader:

 

hxxp://download.lenovo.com/lenovo/content/ddfm/MIGR-61596.html (R51e)
hxxp://download.lenovo.com/lenovo/content/ddfm/MIGR-67100.html (X41 Tablet)
hxxp://download.lenovo.com/lenovo/content/ddfm/MIGR-68184.html (Reserve Edition)
hxxp://download.lenovo.com/lenovo/content/ddfm/MIGR-46024.html (R40, R40e)

hxxp://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-74581 (Edge)

 

A script leads to hxxp://volgo-marun.cn/pek/...

("http" changed to "hxxp")

 

 

I have sent the informations via site-feedback to Lenovo

 

Be carefeul

--------------------------------
My home-forum: http://www.thinkpad-forum.de
Wiki: Deutsches ThinkPad-Wiki English ThinkWiki
My ThinkPad-Collection
erik
Posts: 5,013
Registered: ‎11-23-2007
Location: United States

Re: Warning - Lenovo download-site is infected by trojan downloader

Mornsgrans - thanks for the info.   we've been discussing this internally since early this morning and are looking into the situation.   we hope to have a solution soon.

 

thanks,

 

-erik

this is the least untruthful answer i can give.Microsoft MVP

Guru
Mornsgrans
Posts: 2,438
Registered: ‎03-19-2009
Location: Idar-Oberstein, Germany

Re: Warning - Lenovo download-site is infected by trojan downloader

I know it.

 

I've informed AGotthelf about that in the German thinkpad-forum about that.

 

I think, that the community should get a warning, so i posted it here including the four new found links.

--------------------------------
My home-forum: http://www.thinkpad-forum.de
Wiki: Deutsches ThinkPad-Wiki English ThinkWiki
My ThinkPad-Collection
Agotthelf
Posts: 3,777
Topics: 137
Kudos: 241
Solutions: 182
Registered: ‎01-05-2008
Location: Münster, Germany GMT +1

Re: Warning - Lenovo download-site is infected by trojan downloader

Hello mornsgrans,

 

thanks for posting it here.

 

Unfortunately it seems, that some more links are infected now.

_________________________________________________________
Follow
@LenovoForums on Twitter!
Try the forum search, before first posting: Forum Search Option
Please insert your type, model (not S/N) number and used OS in your posts.
I´m a volunteer here using New X1 Carbon, ThinkPad Yoga, Yoga 11s, Yoga 13, T430s,T510, X220t, IdeaCentre B540.
TIP: If your computer runs satisfactorily now, it may not be necessary to update the system.

English English Community      Deutsche Deutsche Community      Español Comunidad en Español

Guru
Mornsgrans
Posts: 2,438
Registered: ‎03-19-2009
Location: Idar-Oberstein, Germany

Re: Warning - Lenovo download-site is infected by trojan downloader

Yes indeed. After tcone of the german thinkpad-forum had found more infected pages i decided to post them directly here instead using the indirect way :smileywink:

 

I also posted a warning in the forum.thinkpads.com but HarryC seems not to belive me :smileysad:

--------------------------------
My home-forum: http://www.thinkpad-forum.de
Wiki: Deutsches ThinkPad-Wiki English ThinkWiki
My ThinkPad-Collection
Retired Guru
harryc
Posts: 124
Registered: ‎11-23-2007
Location: Upstate New York
0

Re: Warning - Lenovo download-site is infected by trojan downloader

Excuse my disbeleif, but I didn't want to beleive this until you presented proof, which you've done.  Doesn't everyone else think it would be prudent to shut down Lenovo.com until this is resolved?

lead_org
Posts: 20,750
Topics: 128
Kudos: 1,234
Solutions: 1,323
Registered: ‎12-19-2008
Location: Australia, Melbourne

Re: Warning - Lenovo download-site is infected by trojan downloader

 


Mornsgrans wrote:

Yes indeed. After tcone of the german thinkpad-forum had found more infected pages i decided to post them directly here instead using the indirect way :smileywink:

 

I also posted a warning in the forum.thinkpads.com but HarryC seems not to belive me :smileysad:


 

Usually it is very rare for the official site download files to be infected by Trojans, but after recent incidents with different major companies download files carrying malwares/trojans, anything is possible. 

 

Thank you for telling us this. 

Regards,

Jin Li

May this year, be the year of 'DO'!

I am a volunteer, and not a paid staff of Lenovo or Microsoft
erik
Posts: 5,013
Registered: ‎11-23-2007
Location: United States

Re: Warning - Lenovo download-site is infected by trojan downloader


harryc wrote:

Excuse my disbeleif, but I didn't want to beleive this until you presented proof, which you've done.  Doesn't everyone else think it would be prudent to shut down Lenovo.com until this is resolved?


the proper people have been informed.   since it's the weekend there isn't much that can be done until people get back to work on monday.

 

this is the least untruthful answer i can give.Microsoft MVP

Guru
Mornsgrans
Posts: 2,438
Registered: ‎03-19-2009
Location: Idar-Oberstein, Germany

Re: Warning - Lenovo download-site is infected by trojan downloader

[ Edited ]

Since this morning published on www.heise.de , the website of the german computer magazine c't:

http://www.heise.de/newsticker/meldung/Schadcode-beim-Lenovo-Treiber-Download-1025789.html

 

 

If you select a Thinkpad-model in the driver matrix you'll get a warning now:

 

Link: http://www.abload.de/image.php?img=lenovosperrete52.jpg

 

In english:

 

As attacking reported site!

The website on download.lenovo.com has been reported as attacking site and blocked on the basis of your security settings.

Attacking Web sites try to install programs that steal private information, use your computer to attack others or damage your system.

Some websites intentionally distribute viruses and similar harmful software, but many sites are compromised without the knowledge or permission of the owner.

(google translator)

 

Google reports (after clicking the button "Why is the site blocked"):

 

In 39 page (s) for 46 pages on this site, we have tested in the last 90 days, it was found that malware (malicious software downloaded) without the consent of the user and installed. The last visit was from Google on this site was on 2010-06-20, and suspicious content on this site recently found on 2010-06-20.

 

 

--------------------------------
My home-forum: http://www.thinkpad-forum.de
Wiki: Deutsches ThinkPad-Wiki English ThinkWiki
My ThinkPad-Collection
Mark_Lenovo
Posts: 7,834
Topics: 410
Kudos: 1,308
Solutions: 283
Registered: ‎11-19-2007
Location: RTP, North Carolina

Re: Warning - Lenovo download-site is infected by trojan downloader

Mornsgrans,

 

Thanks for the alert and advisory - we've alerted our support teams and will follow up as they investigate. 

 

Hopefully we will know more in the next couple of hours and will provide an update here.

 

In the meantime, i would advise customers to postpone downloads for a day or so to allow us time to fully investigate and take appropriate actions.

 

Thanks again,

 

Mark

____________________________________________

ThinkPads: S30, T43, X60t, X1, W700ds, IdeaPad Y710, IdeaCentre: A300, IdeaPad K1
Mark Hopkins
Program Manager, Lenovo Social Media (Services)
www.twitter.com/lenovoforums
www.facebook.com/lenovo

English English Community      Deutsche Deutsche Community      Español Comunidad en Español