Kaspersky's Malaysian Site Hacked!

[COMCAM]

---

“The official Malaysian Kaspersky Antivirus’s website has been hacked yesterday by a Turkish cracker going by the handle of “m0sted”. Along with it, the same cracker hacked also the official Kaspersky S.E.S. online shop and its several other subdomains. The attacker reported “patriotism” as the reason behind the attack and “SQL Injection” as the technical way the intrusion was performed.
Both websites has been home page defaced as well as several other secondary pages. The incident, though appearing a simple website defacement, might carry along big risks for end-users because from both the websites, evaluation copies of the Kaspersky Antivirus are distributed to the public. In theory, the attacker could have uploaded trojanized versions of the antivirus, infecting in this way the unaware users attempting a download from a trusted Kaspersky’s file repository (remember the trojan in the Debian file repository?).”

Are users at risk due to the compromise? Not in this case, however, the attack is a wake up call which if not taken seriously enough could result in an ironic situation where a security vendor’s site is infecting its visitors with malware. It has happened before, and it will definitely happen again.
This is not an isolated incident. According to Zone-h’s archive, since 2000 there have been 36 web site defacements of international Kaspersky sites, with Kaspersky’s French site getting hacked and re-hacked on an yearly basis. And while in none of the incidents there was any malicious software served, or a live exploit URL that could have been embedded into the legitimate site, there’s an ongoing trend related to web site defacements in regard to their interest in monetizing the access they have to the vulnerable sites, by injecting malware URLs, hosting phishing pages, and also, locally hosting blackhat SEO junk pages where they would eventually earn money through affiliate based networks.
In the time of blogging there’s no indication of a malware attack at the site, and kaspersky.com.my remains offline, presumably in an attempt to audit the site for web application vulnerabilities before putting it back online.

[COMCAM]

was it really a turkish hacker?

[spoken]

kuyawa jud aning mga turkish hacker...

[sagoy]

Mag turkish hacker nlang sad ko uy....


I use Avira mn sd.

[jdimpas]

I can't imagine Security based company was hacked.. makawala mani ug trust/reliability sa ila mga application.. tsk tsk tsk..

[Pinkdimensions]

ganahan pa naman ko aning ilang security tool da hihih.. avg nalang ko..

[COMCAM]

Ahihi, may nalang AVG pud ako

[xirc]

bsan dli pa kaspersky wa jud ta kabalo sa uban nga AV.

[sagoy]

HiJackThis, DDS ug OTMoveIt ra ang katapat sa tanan virus/malware.... No matter how good your AV is, some new virus/malware can get through it for sure.

[dodie]

The way i see it it's not the system or the company. It's only the website that was gettin "hacked".
I see it that the site is using PHP, and the article said that was attacked by SQL injection.

I think that their website lacks error trapping during the form processing and inputs. That's where the variables kick's in.. then the attacker would perform sql queries during those forms.

A second view would be the "uploaded file" may did some processing behind it.... who knows?? hehehe