What is GenericDownloader.o's purpose?

Discussion in 'Malware Help (A Specialist Will Reply)' started by RAB83, Aug 11, 2006.

  1. RAB83

    RAB83 Private E-2

    A co-worker was checking a competitor's site and got GenericDownloader.o. McAfee caught and cleaned it. Two weeks later we went back and the trojan was still there. My co-worker got it and I got it. McAfee took care of it in both cases.

    Either the competitor is not aware a trojan is on the front page or someone put it there on purpose. Neither speaks well. One shows incompetence (i.e., over two weeks, no one from the company hit their own site?). The other demonstrates deviousness.

    Surely no legitimate company could be that devious these days, right? Of course this competitor (no names) has a history of ethically challenged behavior. So, I've got a stupid question. What warped purpose might it serve if GenericDownloader.o was put in place intentionally?

    There's java all over the site. I don't think there's any ActiveX. The site does feature a third party shopping cart that flips to an external site (not the source of the trojan; that's the front page of the competitor's site). I don't think anything is (supposed to be) available for downloading from the site.

    Thanks in advance.

    RAB83
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    GenericDownloader is just that; it's a generic trojan. If it's, as you say, a legitimate company, then I highly doubt they put the trojan on the web page, and it is highly unlikely that they would even know it was there.

    Even though it is a competitor of your business, I would inform them that there is a trojan on their web page that is downloading itself to visiting systems. It is the ethical thing to do.
     
  3. RAB83

    RAB83 Private E-2

    Thanks. We did talk with one of their affiliates. Apparently they are aware of it, but are not doing anything about it. They opened a new site & URL and are letting the old one go dormant until they feel traffic is stronger at their new site. What can I say?
     
  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    The non-action on their part speaks ill of the company by itself.

    They know a trojan is downloading from their site and have done nothing to clean the trojan or at least shut the site and redirect traffic to the new site.

    Not a company I would want to do business with.
     
    Last edited: Aug 20, 2006
  5. RAB83

    RAB83 Private E-2

    I agree. It shouldn't be surprising that we've got them in at least one DMCA violation of our content. Plus, they've been harvesting email addresses from our discussion lists, and spamming our customers (and yes, we're taking action on these issues). It's ethical shortcomings like these that led to the original question. It was after I posted it that we talked with one of their affiliates and learned they were aware of it.
     
  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    I would say this is an issue for your Legal Department, since there are already legal issues with this company. You may want to complain to their hosting company about the trojan on their site. I'm sure that if they don't remedy the situation quickly after their hosting company notifies them, the site will be closed until it is rectified.
     
