Warning - Lenovo download-site is infected by trojan downloader - RESOLVED

Mornsgrans - thanks for the info.   we've been discussing this internally since early this morning and are looking into the situation.   we hope to have a solution soon.

thanks,

-erik

I know it.

I've informed AGotthelf about that in the German thinkpad-forum about that.

I think, that the community should get a warning, so i posted it here including the four new found links.

Hello mornsgrans,

thanks for posting it here.

Unfortunately it seems, that some more links are infected now.

Yes indeed. After tcone of the german thinkpad-forum had found more infected pages i decided to post them directly here instead using the indirect way

I also posted a warning in the forum.thinkpads.com but HarryC seems not to belive me

Excuse my disbeleif, but I didn't want to beleive this until you presented proof, which you've done.  Doesn't everyone else think it would be prudent to shut down Lenovo.com until this is resolved?

---

Mornsgrans wrote:

Yes indeed. After tcone of the german thinkpad-forum had found more infected pages i decided to post them directly here instead using the indirect way

 

I also posted a warning in the forum.thinkpads.com but HarryC seems not to belive me

---

Usually it is very rare for the official site download files to be infected by Trojans, but after recent incidents with different major companies download files carrying malwares/trojans, anything is possible. 

Thank you for telling us this. 

---

harryc wrote:

Excuse my disbeleif, but I didn't want to beleive this until you presented proof, which you've done.  Doesn't everyone else think it would be prudent to shut down Lenovo.com until this is resolved?

---

the proper people have been informed.   since it's the weekend there isn't much that can be done until people get back to work on monday.

Since this morning published on www.heise.de , the website of the german computer magazine c't:

http://www.heise.de/newsticker/meldung/Schadcode-beim-Lenovo-Treiber-Download-1025789.html

If you select a Thinkpad-model in the driver matrix you'll get a warning now:

Link: http://www.abload.de/image.php?img=lenovosperrete52.jpg

In english:

As attacking reported site!

The website on download.lenovo.com has been reported as attacking site and blocked on the basis of your security settings.

Attacking Web sites try to install programs that steal private information, use your computer to attack others or damage your system.

Some websites intentionally distribute viruses and similar harmful software, but many sites are compromised without the knowledge or permission of the owner.

(google translator)

Google reports (after clicking the button "Why is the site blocked"):

In 39 page (s) for 46 pages on this site, we have tested in the last 90 days, it was found that malware (malicious software downloaded) without the consent of the user and installed. The last visit was from Google on this site was on 2010-06-20, and suspicious content on this site recently found on 2010-06-20.

Mornsgrans,

Thanks for the alert and advisory - we've alerted our support teams and will follow up as they investigate. 

Hopefully we will know more in the next couple of hours and will provide an update here.

In the meantime, i would advise customers to postpone downloads for a day or so to allow us time to fully investigate and take appropriate actions.

Thanks again,

Mark