CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
October 19th, 2010

Kaspersky Website Infected, Redirects Visitors to Fake AV Download

The Russian-based security firm Kaspersky has fallen victim to the cyber criminals it tries to protect users against, according to reports. The company, known for its anti-virus software, has supposedly been compromised by hackers who have directed users trying to download Kaspersky’s software to malicious sites. Once they have reached the destination they are then encouraged to download fake anti-virus software, which could compromise their data security.

Users of the software have complained to the company over three separate forums but, despite a user thought to be a Kaspersky employee claiming the issue was fixed, the company denied on the forums there had been any problem to begin with.

Writing about the incident on his blog, Rik Ferguson, senior security advisor at Trend Micro, said: “Security vendors have often been the target of both malicious and mischievous hackers and without fail, honesty and transparency have always been the best policy in the aftermath of such an event.”

Kaspersky confirmed an attack had hit the site on Sunday, exploiting a vulnerability in a third party app used for website admin. The company claimed the redirection to the fake anti-virus only lasted three and a half hours and as soon as it was notified, it took the affected server offline within ten minutes.

“Currently the server is secure and fully back online, and Kaspersky products are available for download,” the firm said in a statement sent to IT PRO. “Kaspersky Lab also wants to confirm that no individual’s details were compromised from the company’s web servers during this attack.”

The statement concluded: “Kaspersky Lab takes any attempt to compromise its security seriously. Our researchers are currently working on identifying any possible consequences of the attack for affected users, and are available to provide help to remove the fake antivirus software.”

Credit: ITPRO.co.uk

Share this item with others:

More on CyberInsecure:
  • Malaysian Kaspersky Antivirus Website Has Been Hacked In An SQL Injection Attack
  • Bogus Twitter Profiles Are Being Used To Spread Malware
  • Sony USA PlayStation Website SQL Injected And Redirects Visitors To Fake Anti-Virus Scam
  • Google Sponsored Links Offer Free Software And Install Malware
  • Updated Blackmailer Virus Gpcode Encrypts User Data And Demands Payment For Decryption

    • Posted in Breaches And Incidents, Hacked, Malware, Software | Print This Post Print This Post

    This entry was posted on Tuesday, October 19th, 2010 at 3:36 pm and is filed under Breaches And Incidents, Hacked, Malware, Software. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Kaspersky Website Infected, Redirects Visitors to Fake AV Download

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »