14 DAY TRIAL // A security researcher reported that the driver files available for download on the website of a gaming hardware manufacturer called Razer were infected with malware. Upon being notified of the issue, the company took its entire support website offline and started an investigation.
The problem was discovered by Trend Micro's Solutions Architect, Rik Ferguson, who warns on his blog that, "The support website at gaming hardware manufacturer Razer has been compromised to distribute malware." Razer is a company based in Carlsbad, California, which describes itself as "a worldwide leader in terms of professional gaming peripherals."
Its products range from mice and keyboards to surfaces and accessories designed for professional gamers. In order for the operating systems to support the enhanced functionality of these devices, the company provides drivers and special pieces of software through its website. However, according to the Trend Micro security researcher, "A large amount of the device drivers offered for download at the Razer support site were infected with a Trojan."
The trojan acts as a dropper/installer for another piece of malware detected by Trend as WORM.ASPXOR.AB, which is dropped in the system directory. At the time of the discovery, this piece of malware had been detected by only seven from the 41 antivirus engines on Virus Total.
The company acted promptly, took its website down and posted an announcement that read, "Razer was alerted of a malicious attack to our support site this past weekend by a malware virus or trojan. We’ve taken down the support page for the time being while the issue is being resolved."
According to a subsequent update, it seems that the incident started on the 19th of September 2009, therefore users who downloaded drivers on or after that date are advised to scan their computers with an antivirus solution that is able to detect and remove this threat. The company suggests Trend Micro's HouseCall online scanner or ALWIL's free Avast! antivirus.
