Based on upstream detection reports from our customers… it appears that a Lenovo-related website was compromised on March 13th. For some (relatively short) period of time, the portal site “startpage.lenovo.com” redirected visitors towards the infamous Angler exploit kit – a source of no small amount of crypto-ransomware.
So, even though the compromise was limited in duration, the consequences could be significant. Hopefully the site didn’t get much traffic Sunday evening.
Exploit:JS/AnglerEK.D is the detection that triggered these particular upstream reports. Angler’s recent payload is TeslaCrypt, which we detect as Trojan:W32/Rimecud.A!DeepGuard and Trojan:W32/TeslaCrypt.X!DeepGuard.
Personally, I don’t use a portal as my “start page”. Me, I prefer about:blank.