CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
July 21st, 2008

Malaysian Kaspersky Antivirus Website Has Been Hacked In An SQL Injection Attack

According to Zone-h.org, the official Malaysian Kaspersky Antivirus website was hacked yesterday by a Turkish cracker. The same cracker also hacked the official Kaspersky online shop and several of its other subdomains. The attacker reported “patriotism” as the reason behind the attack. SQL injection appears to have been the technique used for the intrusion.

Both websites had their home pages defaced, along with several secondary pages. Although the incident appears to be a simple website defacement, it might carry big risks for end users, because both websites distribute evaluation copies of Kaspersky Antivirus to the public. In theory, the attacker could have uploaded trojan-infected versions of the antivirus, infecting unaware users who attempt a download from a trusted Kaspersky file repository.

According to Zone-h’s archive, since 2000 there have been 36 website defacements of international Kaspersky sites, with Kaspersky’s French site getting hacked numerous times during the last few years. No malicious software was served in those incidents, but website defacements of these sites appear to be an ongoing trend.

There’s no indication of a malware attack at the site and it seems that users are not at risk in this case. Nevertheless, the attack should be taken very seriously since it could result in a situation where a security vendor’s site is infecting its visitors with malware. Kaspersky.com.my remains offline, presumably in an attempt to audit the site for web application vulnerabilities before putting it back online.
