Lenovo webpage redirected visitors to exploit kit

By on
Lenovo webpage redirected visitors to exploit kit

A Lenovo-related website apparently redirected visitors on 13 March to the Angler exploit kit, “a source of no small amount of crypto-ransomware”, according to an F-Secure blog post penned by researcher Sean Sullivan.

The post noted that although the compromise of the “startpage.lenovo.com” portal site may not have lasted too long “the consequences could be significant,” depending in part on the volume of traffic at the site on that Sunday evening.

The researcher at F-Secure said the findings come from upstream detection reports from its customers.

“Exploit:JS/AnglerEK.D is the detection which triggered these particular upstream reports,” the post noted. “Angler's recent payload is TeslaCrypt. And that we detect as Trojan:W32/Rimecud.A!DeepGuard and Trojan:W32/TeslaCrypt.X!DeepGuard.”

Sullivan noted that he doesn't use a portal as his “start page.”

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register


Will Coronavirus impact the channel?
Yes - By making it harder to order hardware
Yes - Cancelled conferences and business trips will be widespread
Not directly - It will slow the economy and that may have an impact
No - We can't see any impact
Not negatively - It's already created demand for things like remote access
View poll archive

Log In

Username / Email:
  |  Forgot your password?