Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Security / Hacking News

Hacking News

Successful Hacker Attack on Kaspersky Malaysia

The site has been defaced by a Turkish hacker

By George Craciun, Security News Editor

21st of July 2008, 12:37 GMT

Adjust text size:


Turkish hacker defaces Kaspersky Malaysia site
Enlarge picture
It has come to light that this past weekend, the official Malaysian web page of the internationally renowned security software provider Kaspersky, as well as the S.E.S. online shop web page, have been successfully hacked. A Turkish cracker going by the name of "m0sted" managed to hack the previously mentioned web pages by means of SQL injection. The following message was posted by the attacker: "hacked by m0sted And Amen Kaspersky Shop Hax0red No War Turkish Hacker Thanx to Terrorist Crew all team members." It seems that m0sted resorted to this attack out of patriotism.

One of the functions of the two websites is to provide users with trial versions of Kaspersky Antivirus software. The thing is that since the web pages have been hacked, these evaluation copies may prove to pose a security risk. As Zone-H reports, things might have taken a turn for the worse if the attacker would have been able to upload "trojanized versions of the antivirus, infecting in this way the unaware users attempting a download from a trusted Kaspersky's file repository."Luckily this did not occur and the users are not in any danger of infection.

Earlier this month we were reporting that Finjan had discovered over 1,000 trusted sites that had succumbed to SQL injection attacks. The irony in regard to the Kaspersky web page is that anyone who visits the site in order to get security software may end up getting infected instead.

You would think that a security software company as famous as Kaspersky would do a better job defending its own web pages. According to Zone-H, over the past 8 years, since the beginning of 2000 up to this day, a total of 36 defacement incidents have been recorded in relation to international Kaspersky web pages. The French site for example seems to be successfully hacked and consequently defaced pretty much every year or so. On the upside though, it seems that none of the incidents led to malicious software being uploaded and propagated through these sites.

At the moment kaspersky.com.my is still offline and we can only assume that the Kaspersky team is running a full scan of the site to make sure that they are not spreading any malware. The site is expected to be up and running as soon as possible.

TAGS:

 SQL injection | Kaspersky | hacking | security


Rating:
NOT RATED 0 vote(s) so far    

Read by 1,187 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


How to Come Up with a Super Strong Password

Softpedia Interview: Marketcircle CEO Talks Switching to Mac

Softpedia Linux Weekly, Issue 3

New Trojan Guaranteed to Bypass Detection

US Presidential Candidate to Tackle Cybersecurity

Several SQL Injection Vulnerabilities Discovered in Zoph

iPhone 3G Is in Beta, Says Analyst

How the UN Keeps Its Network Safe

The Spanish Police Warns About Pro-Anorexia Websites

President of Georgia Web Page Down after Hacker Attack

User opinions:


Comment #1 by: Simon Hewitt on 28 Jul 2008, 14:30 GMT reply to this comment

Several publications have recently reported that Kaspersky Lab’s official Malaysian website, as well as its Malaysian online store, were attacked by a Turkish hacker known as "m0sted". According to the hacker’s own statement, the attack was conducted using an SQL-injection. The reports hinted at “big risks for end-users” that could be caused by the attack.

It should be stressed that both websites that were attacked are managed using third-party hosting. The sites have never been publicly accessible as they are still under construction.

Since the websites are still being developed, they haven’t yet been fully secured. Naturally appropriate security features will be implemented before the sites go live.

This situation can be compared to a thief breaking into an empty house that is still under construction and has not been yet properly secured. Breaking in is therefore an easy task, but in such cases there is nothing to steal or damage – the websites are not yet live and are not linked to other Kaspersky Lab corporate websites. It seems clear that the attacker’s only motive was to attract attention.

We therefore do not believe that this attack could harm users in any way. Additionally, it will not be possible to use this attack method once the websites have been officially launched.

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive