06-20-2010 08:45 PM - edited 06-20-2010 11:28 PM
Hi All,
We suspect the issue is caused by the unusual extra code in HTML pages. However, we cannot confirm this yet, but we are looking for a quick fix and to iron out the root cause ASAP with the server team now.
Users of Firefox and Chrome will be able to see the virus alert, however, IE users won't. Regardless of the type of browsers, like Mark has advised, please postpone downloads for a day or so to allow us time to fully investigate and take appropriate action.
FYI, it currently only impacts HTML files hosted on download.lenovo.com, and the general lenovo.com domain is unaffected. That means you can still look for info such as drivers EXE, PDF, warranty status, IWS, system service parts, etc.
Thanks to everyone here who reported the issue, especially Mornsgrans for sharing. He is right about the attacking website, which may steal private information, etc.
Sorry for any inconvenience caused and thanks, again.
Regards,
Cleo
T410, x240
06-20-2010 11:18 PM - last edited 06-21-2010 02:03 AM by Agotthelf
Too big picture converted to Link:
Warning Message in Chrome:
http://img138.imageshack.us/img138/9076/lenovok.jp
06-21-2010 01:37 AM
Oh My God! I downloaded the BIOS and flashed it on 19 June, no wonder my laptop is experiencing some startup problem now.
http://forum.lenovo.com/t5/W-Series-ThinkPad-Lapto
06-21-2010 02:53 AM - edited 06-21-2010 05:02 AM
I've got the information - but not tested - that the server from which the trojan downloader gets fetched is up again.
heise.de wrote:
Update: There is now solid evidence that the dropper was the "Phoenix kit" and reloaded at the pest to the "Bredolab Trojan".
Info about the trojan: http://www.malwaredomainlist.com/mdl.php?search=vo
Heise.de also wrote that the iframe meanwhile has been removed but please wait until the moderators confirm it.
06-21-2010 10:15 AM
All,
Our e-support teams have been actively investigating and working to correct this issue. An initial round of clean up has been completed, and a secondary re-validation is in progress to ensure all infected files have been remediated.
Investigation of the source of the infection is also underway, and I feel confident that preventative measures will be undertaken to prevent a similar future recurrence.
It may take up to 24 hours for our site to be fully reviewed and cleared by many of these 3rd party alerts.
We appreciate your patience as we work through this, and will provide further updates once the work is completed.
Best regards,
Mark
06-21-2010 12:45 PM - edited 06-21-2010 12:46 PM
I hope that Lenovo will establish an internal emergency system over weekends and banking holidays to prevent the distribution of malware in a similar case by turning off the infected server immediately.
I read the "experiences" of a German businessman whose ThinkPad got infected by this trojan, so that he had to buy another laptop for a very important presentation because he had no time to fix it.
06-21-2010 12:54 PM - edited 06-22-2010 09:03 AM
Thank you for the update, Mark.
When the alert was first issued, I noticed that a few of the anti-virus and webpage scanners did not see this.
If anyone thinks that he may be having issues as a result of possibly downloading the malware in question, please feel free to post a diagnostic log at SpywareHammer or at one of the other help forums listed HERE. The security forums listed here are staffed by trained volunteers, and help is always free.
You will find instructions for posting the required logs at each forum. Please post at only one. It would be helpful to include a link to this topic or to the H-Security article.
English
Deutsche
Español
Português
Русскоязычное
I am not employed by Lenovo or Microsoft. I am a volunteer.
SpywareHammer
06-22-2010 07:53 AM
Please, I'd appreciate it if you edited the first post with clarifications, e.g.
- current status
- extent of infection (only webserver IFrames?)
- available alternatives.
E.g. are users downloading drivers & updates through Thinkvantage System Update safe?
Thanks!
06-22-2010 08:18 AM - edited 06-22-2010 08:19 AM
All,
The site has been confirmed cleared of Malware, and Google has rescanned and cleared the ban / warnings.
You should be able to access the site with confidence now. If you accessed the download section between late 6/18/2010 and 6/21/2010, I would recommend that you run an antivirus scan on your system. I would also suggest ensuring that the AV that you are using is up to date.
Additional updates to follow.
Mark
06-22-2010 08:33 AM
Hi Mark,
So far, I've not seen a message from Lenovo on its website (in particular not in the support section) that informs about the incident. Or if there is a message, then it's not very prominent. Wouldn't it be good if there were such a notice?