
Banished AV Researcher Accuses Kaspersky of Hacking

The vendor claims he turned to the dark side

By Lucian Constantin, Web News Editor

29th of October 2009, 14:15 GMT


Hacker says Kaspersky infected his website
A former antivirus analyst ostracized by the AV community for unethical behavior is accusing Kaspersky Lab of injecting malicious code into his newly launched website. Researchers with the Russian antivirus vendor portray the former white hat as a cyber-criminal associated with the Sinowal gang.

Peter Kleissner is an 18-year-old hacker living in Vienna, Austria. He made a name for himself partially due to a research paper regarding master boot record (MBR) rootkits, which he presented at the 2009 Black Hat security conference. MBR rootkits consist of malicious code that is able to execute before the operating system and reinfect it on every reboot.

During his Black Hat talk, the hacker publicly released the source code for such a program developed by himself and dubbed the "Stoned Bootkit." This rootkit is particularly interesting, as it is able to infect all post-XP Windows operating systems, including Windows 7. Additionally, it features an application programming interface (API), allowing even cybercrooks with average programming skills to create potent malware.

At the time, Peter Kleissner was working for Austria-based AV vendor Ikarus, and his decision to release an open source MBR rootkit obviously did not sit well with fellow antivirus professionals. And as if that violation of the white hat ethical code wasn't enough, on his way back from the US, while waiting for his connecting flight to Vienna, the hacker decided to pen test the Internet terminals at the Zurich Airport without authorization.

According to Kleissner's own account, Ikarus eventually forced him to resign and he was also banned from industry-specific mailing lists. To get back at the community that had cast him out, the young hacker launched an online system called AV Tracker.

This project aims to maintain a list of the IP addresses used by antivirus companies and malware analysis services such as Virus Total, Anubis, ThreatExpert, Sunbelt's CWSandbox and others. "You can include this list to block them out (making it unable for AVs to analyze your software). You can also DDoS them in order to lame 'em down," the website reads.

To gather the IPs, Kleissner created a small spy program and fed it to the online malware analysis services, knowing that these represent a sample-exchange channel for antivirus companies. Once this executable is run by AV researchers, it reports the IP address of their test machines back to the AV Tracker website.

This program also seems to have a message hidden in it. "This is Peter Kleissner. [expletive] Ikarus. [expletive] the world. [expletive] you all! I was once working with Ikarus and was a white hat, now I am the worst mean [expletive] black hat and I am selling the source code of Ikarus T3 [Ikarus' product] :D," part of it reads. When confronted with it by a user on his blog, the hacker responded with "[...] ensure to not take those messages literal, if you do, then you will fail to understand me and my mind. And btw I am listening to Eminems sounds, so that shoulda [sic.] explain a bit too."

While writing about this program, Vitaly Kamluk, Kaspersky's director of research center for the EEMEA region, mentioned that the company's analysts modified the requests it sent to the AV Tracker service. "We played around with this request, and substituted various random strings instead of the user name and system parameters," he noted.

However, in a post entitled "Kaspersky Labs hacks my site," Kleissner claims that they actually injected malicious code into his website, more specifically an iFrame pointing to an exploit toolkit. The hacker sent an e-mail to the antivirus company asking for 2000 Euros in compensation for the time he lost cleaning his website and threatened them with a lawsuit if they did not comply.

"Naturally, we have gathered all relevant data and forwarded it to our lawyer who will now take the next steps. If all cyber criminals were as cooperative as this one, life would be much easier for AV companies," Mr. Kamluk said. Kleissner subsequently confirmed that a lawyer based in Vienna responded to his e-mail on behalf of Kaspersky.

Given all of the hacker's controversial blog posts and shady actions, it seems the company has enough evidence to support their claim that he is involved in cybercriminal activities. One of his messages reading "I am with the Sinowal (Whistler) [a banking trojan] developers, funny days, aren't [they] ;)" is kind of telling in this respect.

TAGS:

Peter Kleissner | Kaspersky Lab | AV Tracker | Stoned Bootkit | IFrame injection

© Copyright 2001-2009 Softpedia
User opinions:


Comment #1 by: Alain on 29 Oct 2009, 16:50 GMT

People are seemed fast to judge and slow to respond appropriately. I mean it's like watching Die Hard 4.0 movie where supposed to be part of good guy being forced to quit being good which eventually lead to take being bad. Why let such bright mind loose while all one wanted is public recognition to boost one's ego in order to continue working at highest spirit. Well, it's my opinion looking from the psychological side, anyway.
