Showing results for 
Search instead for 
Do you mean 
Reply
Guru
Posts: 2,514
Registered: ‎03-19-2009
Location: Idar-Oberstein, Germany
Message 1 of 23 (10,211 Views)

Warning - Lenovo download-site is infected by trojan downloader - RESOLVED

[ Edited ]

Hello

the following Driver matrices sites for Thinkpads contain a link to a trojan downloader:

 

hxxp://download.lenovo.com/lenovo/content/ddfm/MIGR-61596.html (R51e)
hxxp://download.lenovo.com/lenovo/content/ddfm/MIGR-67100.html (X41 Tablet)
hxxp://download.lenovo.com/lenovo/content/ddfm/MIGR-68184.html (Reserve Edition)
hxxp://download.lenovo.com/lenovo/content/ddfm/MIGR-46024.html (R40, R40e)

hxxp://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-74581 (Edge)

 

A script leads to hxxp://volgo-marun.cn/pek/...

("http" changed to "hxxp")

 

 

I have sent the informations via site-feedback to Lenovo

 

Be carefeul

--------------------------------
My home-forum: http://www.thinkpad-forum.de
Wiki: Deutsches ThinkPad-Wiki English ThinkWiki
My ThinkPad-Collection
Coffee must be like women's eyes: deep black & shiny. ThinkPads have to be like men's feet: deep black & matte!
Posts: 5,462
Solutions: 614
Registered: ‎11-23-2007
Location: US
Message 2 of 23 (10,196 Views)

Re: Warning - Lenovo download-site is infected by trojan downloader

Mornsgrans - thanks for the info.   we've been discussing this internally since early this morning and are looking into the situation.   we hope to have a solution soon.

 

thanks,

 

-erik

ThinkStation P700 · C20      ThinkPad P40 · 600

Guru
Posts: 2,514
Registered: ‎03-19-2009
Location: Idar-Oberstein, Germany
Message 3 of 23 (10,175 Views)

Re: Warning - Lenovo download-site is infected by trojan downloader

I know it.

 

I've informed AGotthelf about that in the German thinkpad-forum about that.

 

I think, that the community should get a warning, so i posted it here including the four new found links.

--------------------------------
My home-forum: http://www.thinkpad-forum.de
Wiki: Deutsches ThinkPad-Wiki English ThinkWiki
My ThinkPad-Collection
Coffee must be like women's eyes: deep black & shiny. ThinkPads have to be like men's feet: deep black & matte!
Posts: 3,843
Topics: 135
Kudos: 281
Solutions: 185
Registered: ‎01-05-2008
Location: Münster, Germany GMT +1
Message 4 of 23 (10,167 Views)

Re: Warning - Lenovo download-site is infected by trojan downloader

Hello mornsgrans,

 

thanks for posting it here.

 

Unfortunately it seems, that some more links are infected now.

_________________________________________________________
Follow
@LenovoForums on Twitter!
Try the forum search, before first posting: Forum Search Option
Please insert your type, model (not S/N) number and used OS in your posts.
I´m a volunteer here using New X1 Carbon, ThinkPad Yoga, Yoga 11s, Yoga 13, T430s,T510, X220t, IdeaCentre B540.
TIP: If your computer runs satisfactorily now, it may not be necessary to update the system.

 English Community       Deutsche Community       Comunidad en Español

Guru
Posts: 2,514
Registered: ‎03-19-2009
Location: Idar-Oberstein, Germany
Message 5 of 23 (10,154 Views)

Re: Warning - Lenovo download-site is infected by trojan downloader

Yes indeed. After tcone of the german thinkpad-forum had found more infected pages i decided to post them directly here instead using the indirect way Smiley Wink

 

I also posted a warning in the forum.thinkpads.com but HarryC seems not to belive me Smiley Sad

--------------------------------
My home-forum: http://www.thinkpad-forum.de
Wiki: Deutsches ThinkPad-Wiki English ThinkWiki
My ThinkPad-Collection
Coffee must be like women's eyes: deep black & shiny. ThinkPads have to be like men's feet: deep black & matte!
Retired Guru
Posts: 124
Registered: ‎11-23-2007
Location: Upstate New York
Message 6 of 23 (10,141 Views)

Re: Warning - Lenovo download-site is infected by trojan downloader

Excuse my disbeleif, but I didn't want to beleive this until you presented proof, which you've done.  Doesn't everyone else think it would be prudent to shut down Lenovo.com until this is resolved?

Posts: 21,009
Topics: 128
Kudos: 1,272
Solutions: 1,357
Registered: ‎12-19-2008
Location: Australia, Melbourne
Message 7 of 23 (10,128 Views)

Re: Warning - Lenovo download-site is infected by trojan downloader

 


Mornsgrans wrote:

Yes indeed. After tcone of the german thinkpad-forum had found more infected pages i decided to post them directly here instead using the indirect way Smiley Wink

 

I also posted a warning in the forum.thinkpads.com but HarryC seems not to belive me Smiley Sad


 

Usually it is very rare for the official site download files to be infected by Trojans, but after recent incidents with different major companies download files carrying malwares/trojans, anything is possible. 

 

Thank you for telling us this. 

Regards,

Jin Li

May this year, be the year of 'DO'!

I am a volunteer, and not a paid staff of Lenovo or Microsoft
Posts: 5,462
Solutions: 614
Registered: ‎11-23-2007
Location: US
Message 8 of 23 (10,126 Views)

Re: Warning - Lenovo download-site is infected by trojan downloader


harryc wrote:

Excuse my disbeleif, but I didn't want to beleive this until you presented proof, which you've done.  Doesn't everyone else think it would be prudent to shut down Lenovo.com until this is resolved?


the proper people have been informed.   since it's the weekend there isn't much that can be done until people get back to work on monday.

 

ThinkStation P700 · C20      ThinkPad P40 · 600

Guru
Posts: 2,514
Registered: ‎03-19-2009
Location: Idar-Oberstein, Germany
Message 9 of 23 (9,976 Views)

Re: Warning - Lenovo download-site is infected by trojan downloader

[ Edited ]

Since this morning published on www.heise.de , the website of the german computer magazine c't:

http://www.heise.de/newsticker/meldung/Schadcode-beim-Lenovo-Treiber-Download-1025789.html

 

 

If you select a Thinkpad-model in the driver matrix you'll get a warning now:

 

Link: http://www.abload.de/image.php?img=lenovosperrete52.jpg

 

In english:

 

As attacking reported site!

The website on download.lenovo.com has been reported as attacking site and blocked on the basis of your security settings.

Attacking Web sites try to install programs that steal private information, use your computer to attack others or damage your system.

Some websites intentionally distribute viruses and similar harmful software, but many sites are compromised without the knowledge or permission of the owner.

(google translator)

 

Google reports (after clicking the button "Why is the site blocked"):

 

In 39 page (s) for 46 pages on this site, we have tested in the last 90 days, it was found that malware (malicious software downloaded) without the consent of the user and installed. The last visit was from Google on this site was on 2010-06-20, and suspicious content on this site recently found on 2010-06-20.

 

 

--------------------------------
My home-forum: http://www.thinkpad-forum.de
Wiki: Deutsches ThinkPad-Wiki English ThinkWiki
My ThinkPad-Collection
Coffee must be like women's eyes: deep black & shiny. ThinkPads have to be like men's feet: deep black & matte!
Posts: 8,592
Topics: 428
Kudos: 1,542
Solutions: 347
Registered: ‎11-19-2007
Location: US
Message 10 of 23 (9,622 Views)

Re: Warning - Lenovo download-site is infected by trojan downloader

Mornsgrans,

 

Thanks for the alert and advisory - we've alerted our support teams and will follow up as they investigate. 

 

Hopefully we will know more in the next couple of hours and will provide an update here.

 

In the meantime, i would advise customers to postpone downloads for a day or so to allow us time to fully investigate and take appropriate actions.

 

Thanks again,

 

Mark

____________________________________________

ThinkPads: S30, T43, X60t, X1, X1 Carbon Gen 3, W700ds, IdeaPad Y710, IdeaCentre: A300, IdeaPad K1, ThinkPad tablet
Mark Hopkins
Program Manager, Lenovo Social Media (Services)
twitter @lenovoforums
English Community   Deutsche Community   Comunidad en Español   Русскоязычное Сообщество
top kudoed authors