The support site of leading Chinese PC manufacturer Lenovo has been compromised by unknown attackers, who injected a rogue IFrame into its pages over the weekend. Security researchers warn that unwary visitors looking for drivers are exposed to several exploits that install the Bredolab trojan onto their computers.

The IFrame points to an exploit kit hosted on a domain called volgo-marun.cn. After the kit performed several checks to determine what vulnerable software visitors had installed on their computers, they were served exploits targeting older versions of Internet Explorer, Adobe Reader or Adobe Flash Player. At the moment, the malicious executable is detected by only ten of the 41 antivirus products listed on VirusTotal.

The entire download.lenovo.com subdomain has been blacklisted by Google's Safe Browsing service. This means that Firefox or Chrome users should see malware warnings when opening resources hosted on it.

Even though the malicious .cn domain appears to be dead at the moment, it could come back online at any time. Users are therefore advised to steer clear of the Lenovo support website for a couple of days, until the manufacturer has had a chance to clean it up and plug the hole that allowed the compromise in the first place.

Ref: http://news.softpedia.com/news/Lenovo-Support-Website-Infects-Visitors-145111.shtml
Written by Terence Sequeira
Wednesday, 21 July 2010 00:00



