Samsung Telecommunications America has malicious code on its website that disables antivirus programs, modifies registry keys and logs keystrokes when users attempt to download information from the site.
The Samsung Telecom server, which is located in the United States, has been affected for “some time,” according to Websense’s Websense Security Labs, which issued a security report to its own customers and those of Samsung and Websense two days ago.
No exploit code was discovered on the website, so users are affected only if they download information.
Joel Camissar, Websense manager, was unable to put a figure on the number of computers compromised, but said there is a high visiting rate to the site, as it is “very popular” in Australia.
“As of this morning, the website is still active with malicious code,” Camissar said.
“Organizations generally go to this site to download free e-cards and use the SMS service, so hackers have effectively compromised a trusted brand luring users rather than sending out phishing-related e-mails.”
Samsung Telecom Australia refused to comment, directing all inquiries to Samsung HQ in the US.
-Michael Crawford, Computerworld Today (Australia)
Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.