Monday, 11 September 2006

Samsung Web Site Hosts Key Logging Trojan

Hackers have broken into the Samsung web site, infecting certain portions of the site with a trojan. "The most current code, which is still available for download, is a Trojan Horse that attempts to disable anti-virus programs, modify registry keys, download additional files, and log keystrokes when connecting to banking web sites," Websense said in an advisory.

Reported to the company only recently, it is believed that the US-based server contained a number of directories and files which, if downloaded and run, would have infected PCs with malicious code.

While it now known how long the malware has been sitting on the servers is not known, Websense feels it was probably 'some time'’ Simply visiting the site wouldn't have promoted an infection, the vendor said, and would have required user interaction, most probably after being lured through scam instant messages or e-mails.

Increasingly, security experts have been warning users to only trust information and content on sites they know and trust. But when hackers compromise known sites, it puts many users at serious risk for infection as most would not think the content they're downloading would be malicious.

Incidents like the hack of the Samsung web site are on the increase, say experts. Attacks are likely to begin to appear in seemingly benign places, Symantec Security Response director David Cole warned in hisblog this week.