Insecurity vendor’s website gets hacked
INSECURITY VENDOR Kaspersky Labs suffered a shocker over the weekend with the firm’s US website getting hacked.
Aside from the obvious irony that a firm that claims to peddle “Industry-leading Antivirus Software” had its shop front defaced and credibility tarnished, users were put at risk for over three hours by being redirected to another website containing malware. The firm is blaming the hack on security vulnerabilities in a third party application that it uses for administration.
The attack meant that those who wanted to download Kaspersky’s consumer products were redirected to a website that was “simulating a Windows XP Explorer window and a popup window showing scanning process on the local computer”. It also offered up a fake antivirus program to install.
It took the firm over three hours to find out that it was inadvertently peddling malware to its users, but apparently once it figured out what was going on, it took Kaspersky a further 10 minutes to remove it. The firm now says that a “complete audit” has been carried out on all of its websites and that the compromised server is now “secure and fully back online”.
Kaspersky also said that no personal data was accessed in the attack, though it followed that up by essentially admitting that it doesn’t know the full consequences of the hack. In a statement the firm said, “Our researchers are currently working on identifying any possible consequences of the attack for affected users, and are available to provide help to remove the fake antivirus software.”
A website hack is a very public embarrassment for any firm, but for one that promotes itself as a security vendor it is shameful. Although the firm said no personal data was obtained, questions must be asked: how did a firm that one would assume uses its own software and researchers to vet third-party applications get caught out in this manner? Not only that, the three-hour delay before the alarm was raised also leads to the question: who or what piece of software was asleep on the job of threat detection?
For Kaspersky Labs, it will be imperative not only to ensure that similar embarrassments do not occur again but also to rebuild the firm’s reputation as a competent insecurity vendor.
from theinquirer
October 31st, 2010 at 6:38 pm
It’s funny to find out just how many different sites the internet has on this subject. 🙂