The US corporate website of Samsung Telecom has been hijacked and used to host and distribute malware, security vendor Websense has revealed.
Reported to the company only recently, it is believed that the US-based server contained a number of directories and files that, if downloaded and run, would have infected PCs with malicious code.
How long the malware has been sitting on the servers is not known, although Websense feels it was probably "some time". Simply visiting the site wouldn't have caused an infection, the vendor said; it would have required user interaction, most probably after being lured through scam IMs (instant messages) or emails.
Websense described the malware as being "a Trojan horse that attempts to disable antivirus programs, modify Registry keys, download additional files and log keystrokes when connecting to banking websites".
After claiming the malware was "still available for download" as of 7 September, it now appears that Samsung has removed the files. "Websense has contacted Samsung in this case. This is protocol for all major exploits of this nature," a spokesperson told us.
Hijacking websites to host malware is a common exploit, although it is still rare for it to go unnoticed on branded websites for any length of time. Reproduction websites have appeared in the past, while elements on real pages, such as banner ads, have also been taken over to spread worms.