November 19th, 2008

Malware found in Lenovo software package

Posted by Ryan Naraine @ 11:07 am

Categories: Anti Virus, Browsers, Data theft, Malware, Microsoft, Research, Rootkits, Spam and Phishing, Spyware and Adware, Viruses and Worms

Tags: Lenovo Group Ltd., Malware, Microsoft Windows, Spyware, Adware & Malware, Cyberthreats, Microsoft Windows XP, Tools & Techniques, Viruses And Worms, Security, Operating Systems

Computer maker Lenovo is shipping a malware-infected software package to Windows XP users, according to warning from anti-virus researchers at Microsoft.

The malicious file was identified by Microsoft as Win32/Meredrop, a Trojan dropper that is used to install and execute multiple malicious executables on an infected computer. Other anti-virus vendors are detecting the threat as a ‘hooligan’ virus or a porn dialer. It was found the Lenovo Trust Key software for Windows XP, a digitally signed driver package available to Windows XP SP2 users.

The infected software is used to install the Lenovo Security Logon and the Lenovo Private folder applications for use with the Lenovo Trust Key (also known as Lenovo Insider Key).

[ SEE: Malware-infected USB drives distributed at security conference ]
My sources tell me the Lenovo package contains lots of files, including the one with the embedded malware.  At first glance, the malicious file contains functional, but buggy code and attemps to infect files, spread across the network and USB drives.

Lenovo has been notified and is investigating the issue.

UPDATE: Lenovo has removed the compromised download from its Web site.