The U.S. corporate website of Samsung Telecom has been hijacked and used to host and distribute malware, security vendor Websense has revealed.
Reported to the company only recently, it is believed that the U.S.-based server contained a number of directories and files which, if downloaded and run, would have infected PCs with malicious code.
How long the malware has been sitting on the servers is not known, though Websense feels it was probably “some time.” Simply visiting the site wouldn’t have promoted an infection, the vendor said, and would have required user interaction, most probably after being lured through scam instant messages or emails.
Websense described the malware as being a “Trojan Horse that attempts to disable anti-virus programs, modify registry keys, download additional files, and log keystrokes when connecting to banking websites.”
After claiming the malware was “still available for download” as of Sept. 7, it now appears that Samsung has removed the files. “Websense has contacted Samsung in this case. This is protocol for all major exploits of this nature,” a spokesperson told us.
Hijacking websites to host malware is a common exploit, though it is still rare for it to go unnoticed on branded websites for any length of time. Reproduction websites have appeared in the past, while elements on real pages, such as banner ads, have also been taken over to spread worms.
