Gamers trying to update their mouse or keyboard drivers from accessory maker Razer USA’s Web site recently may have gotten more than they bargained for.
That’s because the company’s computers appear to have been hacked, and its support site used to spread malicious Trojan horse programs, according to Rik Ferguson, a researcher with Trend Micro.
After hearing comments from concerned customers, Trend researchers took a look at Razer’s drivers. They downloaded eight infected drivers, and immediately contacted Razer. “They immediately took the site offline,” he said in an instant message interview.
Customers who downloaded this software would get the drivers they requested, but they also got an obscure Trojan program called WORM.ASPXOR.AB. “The malware had very low detection rates, with only seven out of 41 vendors offering generic detection,” Ferguson said.
To make matters worse, gamers often turn off their antivirus protection to speed up their gameplay, so some victims may have never had a chance of catching the Trojan.
Based on the complaints, Ferguson believes that the malicious Trojans were probably available on Razer’s Web site for just a few days.
Company spokesman Heathcliff Hatcher couldn’t say exactly what had happened to cause the infected downloads. But he said that his company was working with Trend Micro to investigate the issue. The company’s main Web site was still active Monday afternoon, but its support site had been taken offline.
Visitors were greeted with the message, “Woops. We had to bring down Razer Support for the time being for a quick fix.”
Based in Carlsbad, Calif., Razer makes cool-looking accessories such as mice and keyboards designed to give customers and edge when they play PC games.
The company is just the latest in a growing list of hardware makers who have been duped into infecting their own customers. Three years ago, Apple shipped a small number of video iPods infected with a virus. Apple blamed the issue on an infected Windows machine, used to test the devices before they were shipped. Hard drive maker Seagate and computer retailer Best Buy have also shipped infected products in the past few years.
Ferguson couldn’t say whether Razer’s Web site had been hacked or if the security breach had occurred on other company systems. “It’s impossible to know,” he said.
Razer customers who think they may have been infected can try Trend’s free House Call service to see if they’ve been hit.