backtop

Internet Samsung Website Contains Key Logging Trojan
Tuan Nguyen (Blog) - September 8, 2006 1:27 PM
Print E-mail del.icio.us 11 comment(s) - last by Souka.. on Sep 8 at 11:11 PM
Samsung's website remains compromised

According to several reports, Samsung's Telecom website has been playing host to a number of key-logging trojans, of which the company itself was unaware of. Security experts at Websense reported that it had informed Samsung of the breach but even today, Samsung has yet to remove the offending files from the website.

The trojan, said Joel Camissar of Websense, was able to log keystrokes and disable anti-virus applications. Visitors to Samsung's website are at risk to having their passwords stolen as well as other critical information such as financial data -- banking passwords, account numbers, etc.

Websense says that Samsung's webservers were compromised and since then have hosted a number of trojans. Security experts have also been saying that new web technologies such as AJAX have vulnerabilities that allow hackers to craft malicious code, modifying the websites directly from a remote location. Samsung was contacted by Websense as well as ZDnet but unfortunately the company has not responded to either.

Comments     Threshold


This article is over a month old, voting and posting comments is disabled
heh....
By Souka on 9/8/2006 1:43:13 PM , Rating: 4
"it is believed that the US-based server contained a number of directories and files which, if downloaded and run, would have infected PCs with malicious code. "

So... u have to download and RUN the malicious code...

The "alerts" make it sound like u goto the site and ZAP... your anti-virus is disabled, and passwords are being logged... sheesh....

I kinda bet Antivirus and/or Spyware apps on your PC probably pop up with warnings too.... but since there's always STUPID people, they click "OK" and then bitch about things....

Yes, Samsung Telcom should fix the problem, should appologize, should pay for any dammages that might occour, but that's it. Damn lawyers....






RE: heh....
By ZeeStorm on 9/8/2006 2:20:06 PM , Rating: 1
Ya, they definately made it sound like it hacks through the net and kills your computer, haha. Stupid media always tries to scare people, gets them more publicity :)

It's more about the words you say thant the news itself.


RE: heh....
By Runiteshark on 9/8/2006 2:47:45 PM , Rating: 2
w0w u shur no ur codin!!


Wrong, it could be possible that with AJAX you can do the same thing as with Java, as in ebedd something that gets executed on the hosts machine when you view the site (and most people would since its just a harmless java thing right) thus getting more bots for your botnet or whatever.


With AJAX I'm not to sure but I would think that your browser is always refreshing whenever an update is made, and if you are using IE you could easily toss in a coulple 0days or other random exploits for viewers to run on their machine.

Seriously, there is a ton of random exploits for IE.


RE: heh....
By TomZ on 9/8/2006 2:53:15 PM , Rating: 2
wow u shur no ur FUD!! :o)

The media reports clearly state that the exploit is a trojan that requires the user to explicitly download and execute files.

How long the malware has been sitting on the servers is not known, though Websense feels it was probably "some time." Simply visiting the site wouldn’t have promoted an infection, the vendor said, and would have required user interaction, most probably after being lured through scam instant messages or emails.
http://www.techworld.com/security/news/index.cfm?n...


RE: heh....
By Souka on 9/8/2006 11:11:35 PM , Rating: 2
zactly!


Huh?
By DigitalFreak on 9/8/2006 1:40:00 PM , Rating: 5
quote:
The trojan said Joel Camissar of Websense, was able to log keystrokes and disable anti-virus applications.


According to the trojan, Joel Camissar was logging keystrokes and disableing anti-virus applications? LOL




RE: Huh?
By Burning Bridges on 9/8/2006 4:48:20 PM , Rating: 2
Haha, that made me laugh =)


RE: Huh?
By BladeVenom on 9/8/2006 9:00:09 PM , Rating: 2
Don't believe it. Those Trojans are notorious liars and are just trying to besmirch Joel's reputation.


By TomZ on 9/8/2006 1:37:22 PM , Rating: 5
Just to be clear, the compromised web site is that of Samsung Telecom, not the main Samsung web site that most consumers and businesses might visit.

http://www.techworld.com/security/news/index.cfm?n...

This fact seems to be suspiciously missing from many of the media reports.




Visiting the site with Firefox safe?
By Vinnybcfc on 9/8/2006 1:38:04 PM , Rating: 2
I had to visit the site about a week to 2 weeks ago to get a firmware update for a yp-z5 browsed with Firefox on the UK and US site

Is the trojan a mostly undetected one or should most anti-viruses pick it up?




By Vinnybcfc on 9/8/2006 1:38:51 PM , Rating: 2
Sorry did not see Tomzs post above (typing this at the time)


"Paying an extra $500 for a computer in this environment -- same piece of hardware -- paying $500 more to get a logo on it? I think that's a more challenging proposition for the average person than it used to be." -- Steve Ballmer









botimage
Copyright 2009 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki