Hacked Kaspersky Website Infected Users with Scareware
Malware pushers managed to compromise a Kaspersky Lab website on Sunday and direct users looking to download the vendor's applications to scareware. According to various reports, including on Kaspersky's own support forums, the compromise occurred on the USA download website.
When visitors attempted to download the company's security products they got redirected to an external page, which mimicked an antivirus scan and served a fake AV program.
Known as scareware or rogueware, these applications bombard users with bogus security alerts about fictitious infections on their computers, in an attempt to convince them to buy a useless license.
These programs are distributed through a variety of methods, including by infecting legitimate websites.
One can easily see how being served via a legit antivirus vendor's site would make such an application very credible and dangerous.
There is reason to believe that some people were infected as a result of the attack, which Kaspersky confirmed today for IT PRO.
A spokesperson told the publication that the rogue redirection lasted for a total of three and a half hours and that the server was taken offline as soon as the company learned of the problem.
"Currently the server is secure and fully back online, and Kaspersky products are available for download," the Kaspersky representative noted.
The attacker's point of entry was tracked down to a vulnerability in a third-party component used for the website's administration.
According to a recent report from application risk management vendor Veracode, between 30% and 70% of applications contain third-party code and as much as 80% of it fails security tests.
This is not the first time Kaspersky has had problems with its websites. Back in February 2009, a Romanian greyhat hacker identified an SQL injection weakness on the company's USA support site.
The flaw allowed for unauthorized access to the underlying database, which contained customer information, serial numbers, support tickets and other sensitive data. Kaspersky stressed that no individual's details were compromised as a result of the malicious attack on Sunday.
"Kaspersky Lab takes any attempt to compromise its security seriously. Our researchers are currently working on identifying any possible consequences of the attack for affected users, and are available to provide help to remove the fake antivirus software," the spokesperson said.