Samsung, the celebrated Asian consumer electronics giant, recently suffered a cyber attack: some files hosted on the company’s official website have been infected with dangerous malware. This was reported by experts at Websense, who have already informed the managers of Samsung that the files in question are removed. According to the researchers, unidentified attackers managed to penetrate the site and turn parts of it into a distribution center for a particularly insidious Trojan.
“Users risk downloading the Trojan,” reads the Websense website, “and jeopardizing their bank accounts.” The Trojan in question uses key-logging techniques to record the data entered by users of infected computers. In this way, the authors of the malware could obtain access codes for personal bank accounts or e-mail services.
Fortunately, the Websense technicians point out, the Trojan must be downloaded and installed: although the files at risk can be reached directly on the Samsung website, users must be routed to them by links disseminated by e-mail or through instant messaging. This technique is especially common in phishing, that is, online scams against users of online banking services. No section of the Samsung site, in fact, allows you to download the Trojan: neither automatically, through the use of particular scripts, nor through a hypertext link published on the official pages.
What has surprised observers most, as noted by Symantec Security Response Director David Cole, is the apparent change in the tactics phishers use to spread their threat. Usually the most savvy phishers spread malware through official-looking sites, decoys used to induce visitors to “trust” the downloads offered. This time around, however, the phishers seem to have gone further, taking advantage of the name and trustworthiness of a large company.
