Samsung Web Site Infecting Visitors
Security firm Websense warned this week that attackers had apparently broke into the Web site of telecommunications company Samsung, infecting certain portions of the site with a Trojan horse. The firm said it was likely that the site had been infected for some time.
"The most current code, which is still available for download, is a Trojan Horse that attempts to disable anti-virus programs, modify registry keys, download additional files, and log keystrokes when connecting to banking websites," Websense said in an advisory.
While the Trojan is dangerous, it requires user interaction in order for it to be installed onto the computer. The security firm said it believed those infected were being lured to the site through instant messaging or e-mail links.
Websense has alerted Samsung of the problem, but as of Friday morning the code was still accessible on the site. The fact that the malware is coming from a reputable source's actual Web site, rather than some faked version, worries researchers.
Increasingly, security experts have been warning users to only trust information and content on sites they know and trust. But when hackers compromise known sites, it puts many users at serious risk for infection as most would not think the content they're downloading would be malicious.
Incidents like the hack of the Samsung Web site are on the increase, say experts. Attacks are likely to begin to appear in seemingly benign places, Symantec Security Response director David Cole warned in his Web log this week.
Samsung has not publicly commented on the situation.