Lenovo users be cautious:

[striker]

According to :http://www.heise.de/newsticker/meldung/Sch...ad-1025789.htmlthe download.lenovo.com server seems to be poisoned with a trojan/dropper.The problem seems to be an invisible IFrame which links to some place in china. (I've withheld the actual link)English translation (google):http://translate.google.com/translate?js=y...sl=de&tl=en

[Guest LilBambi]

Google search results reports it also on the Lenovo forums:Warning - Lenovo download-site is infected by trojan downloaderNot the first time it's happened to Lenovo either. Back in 2008, it happened to the Lenovo USB Webcam software as reported here on IBM site.Can tell you one thing, I don't think I want to own a Lenovo after this.Fool me once, shame on you. Fool me twice, shame on me.

[striker]

Their team is working on it... that's about time!

Users of Firefox and Chrome will be able to see the virus alert, however, IE users won't. Regardless of the type of browsers, like Mark has advised, please postpone downloads for a day or so to allow us time to fully investigate and take appropriate action. FYI, it currently only impacts html files hosted on download.lenovo.com , and the general lenovo.com domain is unaffected. That means you can still look for info such as drivers EXE, PDF, warranty status, IWS, system service parts, etc.

see message 11 at:http://forums.lenovo.com/t5/forums/replypa...message-id/8008Imo: they should have taken down that site immediately, not days after the fact, but immediately at the moment the problem was acknowledged.

[striker]

updateMore sh** to happen: the server serving the malware seems to be up again: so stay away from download.lenovo.com.The malware is a Phoenix exploit kit/Bredolab trojan combo(see http://www.malwaredomainlist.com/mdl.php?s...mp;quantity=50)

[lewmur]

updateMore sh** to happen: the server serving the malware seems to be up again: so stay away from download.lenovo.com.The malware is a Phoenix exploit kit/Bredolab trojan combo(see http://www.malwaredomainlist.com/mdl.php?s...mp;quantity=50)

I have an IBM Thinkpad and visit the Lenovo forums just about daily. But I do so from FF in Mint9. Am I correct in assuming I'm immune to the trojan?

[striker]

From what I gathered 'between all messages' they're specifically targeting IE users. FF and Chrome will show a warning to get out of there ASAP. The malware files are AFAIK Windows type files; they could theoretically be downloaded on a linux box but they can't run of course. When using FF on linux you too should get the warning to get out of there ASAP. However, I just would stay away from there until someone confirms the site has been cleaned thoroughly. I wonder how long it takes those 'admins' to remove the piece of code responsible for this fiasco. Heise mentions in an update of their initial article the code was removed, however I haven't been able to find any confirmation about that yet, and certainly not from any one of the responsible ones at lenovo; so better stay away there for now.I also own a lenovo but not one of the effected series, so I'm on top of this of course and also while knowing a couple of members over here using this brand. Myabe these guys should hire a linux admin to wipe the crap out of there! Good grieve, what's holding them so long to do this or close the site down???

[lewmur]

From what I gathered 'between all messages' they're specifically targeting IE users. FF and Chrome will show a warning to get out of there ASAP. The malware files are AFAIK Windows type files; they could theoretically be downloaded on a linux box but they can't run of course. When using FF on linux you too should get the warning to get out of there ASAP. However, I just would stay away from there until someone confirms the site has been cleaned thoroughly. I wonder how long it takes those 'admins' to remove the piece of code responsible for this fiasco. Heise mentions in an update of their initial article the code was removed, however I haven't been able to find any confirmation about that yet, and certainly not from any one of the responsible ones at lenovo; so better stay away there for now.I also own a lenovo but not one of the effected series, so I'm on top of this of course and also while knowing a couple of members over here using this brand. Myabe these guys should hire a linux admin to wipe the crap out of there! Good grieve, what's holding them so long to do this or close the site down???

It won't do much good to remove the malware until they find out how, and block the method being used to infect the site. From what I understand, they removed it only to have it become infected again almost at once.

[striker]

Yep, that's how I too understood it. However I'm still the opinion they should have taken down the site until the garbage has been cleaned up.

[striker]

Update:

Our e-support teams have been actively investigating and working to correct this issue. An initial round of clean up has been completed, and a secondary re-validation is in progress to ensure all infected files have been remediated. Investigation of the source of the infection is also underway, and I feel confident that preventative measures will be undertaken to prevent a similar future recurrence. It may take up to 24 hours for our site to be fully reviewed and cleared by many of these 3rd party alerts. We appreciate your patience as we work through this, and will provide further updates once the work is completed.

http://forums.lenovo.com/t5/General-Discus...-p/242362#M8017

[striker]

The site has been confirmed cleared of Malware

http://forums.lenovo.com/t5/General-Discus...-p/242572#M8030