Compliance Management, Malware, Privacy

Lenovo-related website redirected visitors to Angler EK

A Lenovo-related website apparently redirected visitors on March 13 to the Angler exploit kit, “a source of no small amount of crypto-ransomware,” according to an F-Secure blog post penned by researcher Sean Sullivan.

The post noted that although the compromise of the “startpage.lenovo.com” portal site may not have lasted too long “the consequences could be significant,” depending in part on the volume of traffic at the site on that Sunday evening.

The researcher at F-Secure said the findings come from upstream detection reports from its customers. “Exploit:JS/AnglerEK.D is the detection which triggered these particular upstream reports,” the post noted. “Angler's recent payload is TeslaCrypt. And that we detect as Trojan:W32/Rimecud.A!DeepGuard and Trojan:W32/TeslaCrypt.X!DeepGuard.”

Sullivan noted that he doesn't use a portal as his “start page.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds