Computer maker Lenovo is shipping a malware-infected software package to Windows XP users, according to warning from anti-virus researchers at Microsoft. It was found in Lenovo Trust Key software for Windows XP, a digitally signed driver package available to Windows XP SP2 users.
The malicious file was identified by Microsoft as Win32/Meredrop, a Trojan dropper that is used to install and execute multiple malicious executables on an infected computer. Other anti-virus vendors are detecting the threat as a virus or a porn dialer.
The infected software is used to install the Lenovo Security Logon and the Lenovo Private folder applications for use with the Lenovo Trust Key (also known as Lenovo Insider Key).
Lenovo has already removed the compromised download from its Web site.
More on CyberInsecure: