Last weekend, a number of pages within the download section of Lenovo's support site were the object of a Malware exploit. The Malware intent was to attempt connection to a remote server for the purpose of downloading additional code to the user's system.
Visitors accessing the site with Firefox or Chrome browsers during this period may have noted that the site was blocked by a warning message like this one, triggered by Google's detection of the rogue code on 6/20. Based on an original write up by AV Bkis' blog, news of these events circulated through a number of tech sites, security and malware focused blogs, forums, and twitter over the weekend, while Lenovo investigated, and worked to resolve the situation. The site was confirmed free of infection by 9 am, EST Monday the 21st, and as Google rescanned the site and found it to be clear as well, the advisory messages lifted.. As a precaution, Lenovo advises customers who accessed the download section between late Friday, June 18 and Monday, June 21, to run an antivirus scan. It is also recommended that users run the automatic update function of their antivirus program to ensure it is using the latest definitions files. Additionally, since the installer filename is known, a simple search for the monskc32.exe file may be an easy added precaution.