From: "Carl Gehr" Received: from [192.168.100.201] (account carl.gehr@mcgcg.com HELO localhost) by 2rosenthals.com (CommuniGate Pro SMTP 5.1.16) with ESMTPA id 2138020 for ecs-t6x@2rosenthals.com; Sat, 22 Nov 2008 13:42:58 -0500 To: "eCS ThinkPad T60/61 Mailing List" Date: Sat, 22 Nov 2008 13:42:45 -0500 (EST) Reply-To: "Carl Gehr" Priority: Normal X-Mailer: PMMail 2.20.2382 for OS/2 Warp 4.5 In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Subject: Re: [eCS T60/T61] Lenovo malware Message-ID: Jon, Just a quick [I hope] question about this 'distribution'... What, exactly, would someone have requested that would result in this download from Lenovo? I assume it is not part of what a user would get as a result of normal XP updates, but I want to be sure. I don't use XP [or any 'Doze' stuff], but I have friends and family who do use it on some TPads. I just want to know what to warn them about, if that should really be done. Thanks, Carl =-=-=-=-=-=-= In Reply to Your ORIGINAL MESSAGE =-=-=-=-=-=-= From: "Jon Harrison" To: "eCS ThinkPad T60/61 Mailing List" cc: Date: Thu, 20 Nov 2008 20:33:47 -0800 (PST) Subject: [eCS T60/T61] Lenovo malware Although this info is not applicable to eCS I figure there may be some readers here who occasionally use XP on their TP. So here is something FYI. Lewis: If you think this is inappropriate then I apologise and please remove this in that case. jon Thursday November 20, 2008 Lenovo Ships Malware With Software A Windows XP software package distributed by Lenovo earlier this week was infected with malware. The program has been removed from the Lenovo site. The problem was in the Lenovo Trust Key software for Windows XP, a digitally signed driver package for Windows XP SP2 systems. The application is used for secure logon and secure private folders. Microsoft identified the infection as Win32/Meredrop, a Trojan dropper. Such programs download and install other malicious programs. Other anti-virus vendors are detecting the threat as a 'hooligan' virus or a porn dialer. Even though the report indicates that it is the XP version which is affected, the Vista version is also no longer available on the Lenovo site. Perhaps the are the same version. In such cases it is good practice to revoke the digital certificate used to sign the package. I have no word yet on whether Lenovo will do this. If they do so and have used the same certificate to sign other packages, all of those will need to be resigned and re-issued. source: http://blogs.pcmag.com/securitywatch/2008/11/lenovo_ships_malware_with_s oft.php =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to To subscribe (new addresses), E-mail to: and reply to the confirmation email. Web archives are publicly available at: http://lists.2rosenthals.com This list is hosted by Rosenthal & Rosenthal, LLC P.O. Box 281, Deer Park, NY 11729-0281. Non- electronic communications related to content contained in these messages should be directed to the above address. (CAN-SPAM Act of 2003) =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= =-=-=-=-=-=-=-=-=-= END ORIGINAL MESSAGE =-=-=-=-=-=-=-=-=-=