The company said the fault, which was reported only recently, came from a US-based server containing a number of directories and files which, if downloaded and run, would have infected PCs with malicious code.
Websense said it did not know how long the threat had been present, though it said it had probably been there for "some time." The vendor added that simply visiting the site wouldn’t have caused infection, but instead would have required user interaction, after most probably being lured through scam instant messages or emails.
Websense described the malware as being a "Trojan Horse that attempts to disable anti-virus programs, modify registry keys, download additional files, and log keystrokes when connecting to banking websites."
After claiming the malware was "still available for download" yesterday, it now appears that Samsung has removed the files. "Websense has contacted Samsung in this case. This is protocol for all major exploits of this nature," said a spokesperson.
Hijacking websites to host malware is a common exploit, though it is still rare for it to go unnoticed on branded websites for any length of time. Reproduction websites have appeared in the past, while elements on real pages, such as banner ads, have also been taken over to spread worms.
Find your next job with computerworld UK jobs