Samsung removes Trojan from US Web site

Samsung Telecom has removed a Trojan horse that was being hosted on its Web site but the site's main page has been inexplicably unavailable all weekend.

On Monday, a spokesperson for Samsung told ZDNet Australia that the offending file has been removed but could not explain why the site seems to be experiencing difficulties.
"The malicious code has been taken down and it is being investigated -- [the malware] has been identified and it has been pulled back," the spokesperson said.
The issue stems from last week when Internet security firm Websense revealed that Samsung's US-based Telecom Web site [www.samsungtelecom.com] was hosting a Trojan horse that was capable of disabling antivirus applications and logging keystrokes.
On Friday morning (Sydney time) the site was still accessible and still hosting the Trojan, according to Websense's Australia country manager Joel Camissar. However, by Friday evening visitors to the main page were greeted with an error message that read "Bad Request (Invalid Hostname)".

The entire Web site did not seem to have been pulled offline as direct links to other areas of the site, which bypass the main landing page, have been accessible.

Although the Trojan was hosted on the Web site, visitors to the site were not at risk, according to Websense's Camissar, who said the malicious file was most likely uploaded to the server so it could be directly linked to via a phishing e-mail.