In possible retaliation to the Superfish MITM software installed on Lenovo consumer machines, hackers looking to be representing Lizard Squad have hacked Lenovo’s support page through DNS hijack.  Currently, if you head to http://support.lenovo.com/us/en/product_security/superfish, a whole new site appears rotating through images hosted on IMGUR and playing a song hosted on YouTube.  Meta data in the code shows “The new and improved rebranded Lenovo website featuring Ryan King and Rory Andrew Godfrey”, who have been implicated as members of Lizard Squad in the past.  We have pulled the source code for reference. We will update as we find out more information.

[UPDATE] Lenovo has restored the page back to the proper website. No official word from their team on what happened or how many affected in this DNS hijack.

2-25-2015 2-39-28 PM

<html>

<head>

<title>@LizardCircle</title>

<link href=’//fonts.googleapis.com/css?family=Roboto’ rel=’stylesheet’ type=’text/css’>

<meta name=”description” content=”The new and improved rebranded Lenovo website featuring Ryan King and Rory Andrew Godfrey”>

<style>body{background-color:black;color:white;font-family:’Roboto’,sans-serif;}a{color:cyan;}#slides{display:none;}.container{width:100%;height:100%;}.slidesjs-navigation{display:none;}iframe{display:none}</style>

</head>

<body>

<center>

<a href=”https://twitter.com/LizardCircle”>

<div class=”container”>

<div id=”slides”>

<img src=”http://i.imgur.com/UPVwGSb.png”/>

<img src=”http://i.imgur.com/pRvR6jj.png”/>

<img src=”http://i.imgur.com/zTydDfv.png”/>

<img src=”http://i.imgur.com/InvkIDg.png”/>

<img src=”http://i.imgur.com/yr19vvc.png”/>

<img src=”http://i.imgur.com/7wKXhr8.png”/>

<img src=”http://i.imgur.com/SMy9P4g.png”/>

<img src=”http://i.imgur.com/tBSSz1M.png”/>

<img src=”http://i.imgur.com/IWpV3nR.png”/>

<img src=”http://i.imgur.com/QzhXFor.png”/>

<img src=”http://i.imgur.com/ny9IAhQ.png”/>

<img src=”http://i.imgur.com/lsUMIiw.png”/>

<img src=”http://i.imgur.com/dnQGUS1.png”/>

<img src=”http://i.imgur.com/IQbF2nB.png”/>

<img src=”http://i.imgur.com/dGrve6S.png”/>

<img src=”http://i.imgur.com/PhEKut7.png”/>

</div>

</div>

</a>

</center>

<iframe width=”0″ height=”0″ src=”https://www.youtube.com/embed/ZLa__49Ltv4?autoplay=1&loop=1″ frameborder=”0″></iframe>

<iframe src=”https://neko.li/haha/everybody/laughing/at/you” width=”0″ height=”0″></iframe>

<iframe src=”http://dev.neko.li/haha/everybody/laughing/at/you” width=”0″ height=”0″></iframe>

<iframe src=”http://cf0.pw/haha/everybody/laughing/at/you” width=”0″ height=”0″></iframe>

<script src=”http://code.jquery.com/jquery-1.9.1.min.js”></script>

<script src=”http://www.slidesjs.com/js/jquery.slides.min.js”></script>

<script>

$(function() {

$(‘#slides’).slidesjs({

width: 940,

height: 528,

navigation: false,

pagination: false,

effect: {

slide: {

speed: 200

},

fade: {

speed: 300,

crossfade: true

}

},

play: {

active: true,

auto: true,

interval: 2000,

swap: false,

pauseOnHover: false,

restartDelay: 2000

}

});

});

</script>

</body>

</html>

Blog Staff

About the Author

Blog Staff

The Webroot blog offers expert insights and analysis into the latest cybersecurity trends. Whether you’re a home or business user, we’re dedicated to giving you the awareness and knowledge needed to stay ahead of today’s cyber threats.

Share This