Websense Security Labs, Malicious Web Site / Malicious Code: Samsung Telecom Site hosting Crimeware.
Websense® Security Labs™ has received reports that the Samsung Telecom website is hosting malicious code. The site, which is hosted in the United States, has been hosting a number of directories and files which, when downloaded and run, install malicious code on end-users' machines.
The server appears to have been compromised and has been hosting a variety of files for some time (the owners have been contacted).
The most recent code, which is still available for download, is a Trojan horse that attempts to disable anti-virus programs, modify registry keys, download additional files, and log keystrokes when the user connects to banking websites.
Currently, there is no exploit code on the website that attempts to trigger a download of the file without user interaction. The site is hosting the files and most likely distributing them to users who are lured through instant messaging or email links.