Lenovo attacked in retaliation for spyware Superfish

    image

    At midnight on the main page of Lenovo.com, a slide show with images of teenagers appeared, which was clearly not intended for advertising laptops and smartphones. When the page was opened, the song “Breaking Free” from the movie “High School Musical” began to play. At 7 a.m. (Moscow time), a stub hung on the site, and its work was restored only after a few hours.

    According to The Hacker News, hackers from Lizard Squad were involved in the hacking of the site, which follows from a message on Twittergroups. The slideshow used photos of its active members Ryan King and Rory Andrew Godfrey, who were arrested after recent attacks on gaming services. In addition, a phrase about a new rebranding of the Lenovo site with Ryan King and Rory Andrew Godfrey has been added to the code of the web page.



    The Verge edition cites Jonathan Zdzyarski’s assumption of a site attack mechanism that links it to domain spoofing. He discovered changes in Whois - in particular, a change of DNS servers and a move to Cloudflare.

    image

    In addition to the site, hackers gained access to the correspondence of Lenovo employees.

    image

    Another letter says that removing Superfish from one of the users caused the computer to crash.

    image

    Recall that on February 19 it became known about the Superfish program, which since the summer of 2014 comes with laptops of the G, U, Y, Z, S, Flex, Miix, Yoga, and E series. Utilityit listens for traffic, including HTTPS, forges SSL certificates of third-party sites, analyzes user searches and inserts ads on pages of third-party resources. Following the scandal, Lenovo issued an official letter acknowledging the problem of Superfish and introducing various ways to remove the utility.

    Interestingly, a few days before the sabotage against the largest computer manufacturer, the Facebook security department conducted its own investigation, which resulted in the discovery of several more programs using the same library from Komodia as in Superfish.

    • CartCrunch Israel LTD
    • WiredTools LTD
    • Say Media Group LTD
    • Over the rainbow
    • Tech system alert
    • Arcade giant
    • Objectify Media Inc
    • Catalytix web services
    • Optimizermonitor

    The Komodia library modifies the Windows network stack and installs a new root certification authority, which allows such applications to impersonate any site that supports SSL.

    The Hacker News provides a list of hashes that identify malware that contains Komodia’s library.

    0cf1ed0e88761ddb001495cd2316e7388a5e396e
    473d991245716230f7c45aec8ce8583eab89900b
    fe2824a41dc206078754cc3f8b51904b27e7f725
    70a56ae19cc61dd0a9f8951490db37f68c71ad66
    ede269e495845b824738b21e97e34ed8552b838e
    b8b6fc2b942190422c10c0255218e017f039a166
    42f98890f3d5171401004f2fd85267f6694200db
    1ffebcb1b245c9a65402c382001413d373e657ad
    0a9f994a54eaae64aba4dd391cb0efe4abcac227
    e89c586019e259a4796c26ff672e3fe5d56870da

    Also popular now: