July 21st, 2008
Posted by Dancho Danchev @ 4:26 am
According to Zone-h.org, Kaspersky’s Malaysian site was defaced by a Turkish hacker during the weekend through an SQL injection, leaving the following message - “hacked by m0sted And Amen Kaspersky Shop Hax0red No War Turkish Hacker Thanx to Terrorist Crew all team members”.
“The official Malaysian Kaspersky Antivirus’s website has been hacked yesterday by a Turkish cracker going by the handle of “m0sted”. Along with it, the same cracker also hacked the official Kaspersky S.E.S. online shop and several of its other subdomains. The attacker reported “patriotism” as the reason behind the attack and “SQL Injection” as the technical way the intrusion was performed.
Both websites have been home page defaced, as well as several other secondary pages. The incident, though appearing to be a simple website defacement, might carry along big risks for end-users because from both the websites, evaluation copies of the Kaspersky Antivirus are distributed to the public. In theory, the attacker could have uploaded trojanized versions of the antivirus, infecting in this way the unaware users attempting a download from a trusted Kaspersky file repository (remember the trojan in the Debian file repository?).”
Are users at risk due to the compromise? Not in this case. However, the attack is a wake-up call which, if not taken seriously enough, could result in an ironic situation where a security vendor’s site is infecting its visitors with malware. It has happened before, and it will definitely happen again.
This is not an isolated incident. According to Zone-h’s archive, since 2000 there have been 36 web site defacements of international Kaspersky sites, with Kaspersky’s French site getting hacked and re-hacked on a yearly basis. And while none of the incidents involved malicious software being served, or a live exploit URL that could have been embedded into the legitimate site, there’s an ongoing trend of web site defacers looking to monetize the access they have to vulnerable sites by injecting malware URLs, hosting phishing pages, and locally hosting blackhat SEO junk pages through which they eventually earn money via affiliate-based networks.
At the time of blogging there’s no indication of a malware attack at the site, and kaspersky.com.my remains offline, presumably in an attempt to audit the site for web application vulnerabilities before putting it back online.
http://blogs.zdnet.com/security/?p=1516&tag=nl.e550
*Good*Boy*