Samsung Telecom Site hosting Crimeware

Date:09.06.2006

Threat Type: Malicious Web Site / Malicious Code

Websense® Security Labs™ has received reports that the Samsung Telecom website is hosting malicious code. The site, which is hosted in the United States, has been hosting a number of directories and files which, when downloaded and run, install malicious code on end-users' machines.

The server appears to have been compromised and has been hosting a variety of files for some time (the owners have been contacted).

The most current code, which is still available for download, is a Trojan Horse that attempts to disable anti-virus programs, modify registry keys, download additional files, and log keystrokes when connecting to banking websites.

Currently there is no exploit code on the website that attempts to trigger a download of the file without user interaction. The site is hosting and most likely distributing files to users who are lured through Instant Messaging or email links.

Site screenshot: