An analysis of the recent iFrame hack of the lenovo download page...

Hi malware fighters,

The malcode has been taken off now, so I cannot put it no longer in the threats etc. section, but what it must have meant for users that trust lenovo as a vendor when their site got hacked through a Chinese domain recently and people’s laptops won’t start up etc., all particulars described here: http://www.wilderssecurity.com/showthread.php?t=275338

It again demonstrates that the Internet is broken to quite some degree, and if the right people do not get together to take the bad apples out of the basket in a concerted effort it can take a long time before it will get any more secure out there…

polonus

That’s so true…!
Thanks for that statement, D.!!
asyn

Well no difference here to any of the other hundreds of thousands of hacked sites and the old trusted site status is not to be trusted. So you have to trust in your security applications (avast web shield & network shield), your browser (firefox, with noscript {Embeddings, forbid iframes} and requestpolicy, add-ons, etc.).

If all else fails, a robust backup and recovery strategy.

Hi DavidR,

But isn’t it a sad situation really that the common user is left as a sitting duck as well are are non-aware/non-trained webmasters etc. We know how to protect, but the average user is not…
That because of a small number of bad ignorant hosters/so-called “bad apples” the web can be infested like “a stinking basket” to such a degree, and then we never know where the evil multi-headed malcreant/cybercriminal monster will again raise it’s ugly head, after one website has been cleansed the other one has already become (multi-)infested. We are always running after the facts, boys and gals and kids…
Should not a couple of the right men come together to rid the Internet of this abuse or the situation will get from bad to worse. There certainly must be ways to slowly but surely root this evil out (certification, machine authentication, blocking the baddies or those that won’t cooperate) or is this a gliding way into Internet2 provided on “their” terms - where I leave in the middle what is meant by “they”,

Damian

You shouldn’t use Lenovo

MADE IN CHINA

The Chinese government’s Academy of Science is Lenovo’s largest single stakeholder, owning about 27 percent of the company.

There is the possibility of computer back doors which may transfer information to Chinese spies.

Unfortunately that is always the way, no point in hacking a site that has a few hundred hits a year to one that has a several thousand a day. But the duty of care should apply to those popular sites to ensure they are secure and protect their customers.

Well, the media do try to make users aware of such problems, often many months after it becomes a problem, but those same users don’t pay attention to what is said security wise about internet flaws/scams/vulnerabilities, etc. They continue on blissfully ignorant until they get a serious infection, depriving them of the use of their computer or the target of fraudulent activity, then and only then do they start to sit up and take notice; that is a sad fact of life.

Hi davidR,

That is good we definitely agree on some of these facts of life. May it be a lesson to the many that come here, that they may alter their ways considering computer security…

polonus

You are a believer in Conspiracy Theories:
http://www.abovetopsecret.com
http://media.abovetopsecret.com/media/5451/ATS_News_08_-_Israeli_Body_Snatchers_-_Organ_Harvesting_Conspiracy