Advertisement
Home
Saturday, 06 September 2008
  
 
Last week attacks
O.S.  Defs.  %
Linux  10244  66.24%
Win 2003  3645  23.57%
Win 2000  1034  6.69%
FreeBSD  352  2.28%
SolarisSunOS  106  0.69%
Other  85  0.55%

Total attacks: 15466 of which 4898 single ip and 10568 mass defacements

Polls
Should Zone-H continue mirroring defacements? (floods will be purged)
 
Main Menu
Home
Digital Warfare
Geopolitics
ITsec News
ITsec Advisories
Test Drive
360°
Digital Attacks Archive
Zone-H events
Publications
Zone-H Friends/Partners
Contact Us
Search
Download Area
Zone-H forum
About this website
Login Form





Lost Password?
No account yet? Register
ZONE-H In Numbers
 News: 14547
 Advisories: 11
 Administrators: 1
 Managers: 1
 Super Administrators: 3
 Operators: 3
 Registered Users: 37601
 Downloadable Files: 3888
 Digital Attacks: 2860920
 Attacks On Hold: 5347
 Online Users: 98
Syndicate
Visitors' Map
Highlight on most recent attacks
materikal.dikmentidki.go.id by Iran Black Hats Team       renda.shyp.gov.cn/home by uykusuz001       mendez.gov.ec by LatinHackTeam       zsks.zbedu.gov.cn/d3xtrroo.txt by d3xtroop       camaraipueiras.ce.gov.br/portal by Owned Day Hacker Team       itanhem.ba.gov.br/site by Owned Day Hacker Team       coroata.ma.gov.br by Owned Day Hacker Team       ninheira.mg.gov.br by Owned Day Hacker Team       rab.gov.bd by SHAHEE_MIRZA       kayak.sssivas.gov.tr by SenqRonize       
Latest advisories
Latest on Digital Warfare
Latest on Geopolitics
Malaysian Kaspersky website and shop hacked. Users at risk? PDF Print E-mail
User Rating: / 44
PoorBest 
Written by Roberto Preatoni   
Sunday, 20 July 2008

kasperskyThe official Malaysian Kaspersky Antivirus's website has been hacked yesterday by a Turkish cracker going by the handle of "m0sted".

Along with it, the same cracker hacked also the official Kaspersky S.E.S. online shop and its several other subdomains. 

The attacker reported "patriotism" as the reason behind the attack and "SQL Injection" as the technical way the intrusion was performed.

Both websites  has been home page defaced as well as several other secondary pages.  The incident, though appearing a simple website defacement, might carry along big risks for end-users because from both the websites, evaluation copies of the Kaspersky Antivirus are distributed to the public. In theory, the attacker could have uploaded trojanized versions of the antivirus, infecting in this way the unaware users attempting a download from a trusted Kaspersky's file repository (remember the trojan in the Debian file repository?). 

The defacement mirror for the Kaspersky official website can be viewed here, while the defacement mirror of the Kaspersky's online shop can be viewed here

Apparently, Kaspersky Labs haven't a good track record in securing their websites as by digging into Zone-H archives we discovered this long list of past incidents:

 

Date Attacker Flags Domain OS View  
2008/07/20 m0sted    M    la.antivirus365.net/product.asp Win 2003  View Mirror  
2008/07/20 m0sted    M    kh.antivirus365.net/product.asp Win 2003  View Mirror  
2008/07/20 m0sted    M    mm.antivirus365.net/product.asp Win 2003  View Mirror  
2008/07/20 m0sted    M    bn.antivirus365.net/product.asp Win 2003  View Mirror  
2008/07/19 m0sted    M   antivirus365.net/product.asp Win 2003  View Mirror
2008/07/19 m0sted H      kaspersky.com.my Win 2003  View Mirror  
2008/03/30 Zero-Cool   M     kaspersky.fr/WebConfig.ini Linux  View Mirror  
2008/03/30 Zero-Cool H M   elitecore.kaspersky.fr Linux  View Mirror  
2008/03/30 Zero-Cool M R   netasq.kaspersky.fr/tut.htm Linux  View Mirror  
2008/03/30 Zero-Cool H M R education.kaspersky.fr Linux  View Mirror  
2008/03/28 Algeria Security Crew H       support.kaspersky.fr Linux  View Mirror  
2008/03/07 Crackers_Child H       kaspersky.ro Linux  View Mirror  
2007/09/25 blackwolf           kb.kaspersky.com.au/default.aspx Win 2003  View Mirror  
2007/05/03 Cyber-Terrorist H       kaspersky.com.br Linux  View Mirror  
2006/09/10 eno7           kaspersky.kivi.si/default.asp Win 2003  View Mirror  
2006/07/05 Soot Hackers   M     reseller.kaspersky.ir/soot.txt Win 2003  View Mirror  
2006/06/24 Soot Hackers           kaspersky.ir/soot.htm Win 2003  View Mirror  
2006/06/07 Cetus&Club   M     kaspersky.com.tr/ftp Win 2003  View Mirror  
2005/10/24   M R   netasq.kaspersky.fr/index.html Linux  View Mirror  
2005/10/24   M R   mailwatcher.kaspersky.fr/index.html Linux  View Mirror  
2005/10/22     M    forum.kaspersky.fr/index.html Linux  View Mirror  
2005/10/22     M    entreprises.kaspersky.fr/index.html Linux  View Mirror  
2005/10/22     M    case.kaspersky.fr/index.html Linux  View Mirror  
2005/10/22 sikik     M    partners.kaspersky.fr/index.html Linux  View Mirror  
2005/10/22 sikik     M    webscanner.kaspersky.fr/index.html Linux  View Mirror  
2005/10/22 sikik     M    kb.kaspersky.fr/index.html Linux  View Mirror  
2005/10/22 sikik     M    grandpublic.kaspersky.fr/index.html Linux  View Mirror  
2005/10/22 sikik     M    linux.kaspersky.fr/index.html Linux  View Mirror  
2005/10/22 sikik H M    neuf.kaspersky.fr Linux  View Mirror  
2005/10/22 sikik   M    tracker.kaspersky.fr/index.html Linux  View Mirror  
2005/10/22 sikik   M    klxweb.kaspersky.fr/index.html Linux  View Mirror  
2005/10/22 sikik H M    lanexpert.kaspersky.fr Linux  View Mirror  
2005/10/22 sikik H M    mtf.kaspersky.fr Linux  View Mirror  
2005/10/22 sikik H M    exes.kaspersky.fr Linux  View Mirror  
2005/10/22 sikik     M   education.kaspersky.fr/index.html Linux  View Mirror
2005/10/22 sikik  M     Linux  View Mirror  
2005/10/22  M     Linux  View Mirror  
2005/10/22  M    Linux  View Mirror  
2005/07/01     M    mailwatcher.kaspersky.fr/welcome.htm Linux  View Mirror  
2005/07/01     M   netasq.kaspersky.fr/welcome.htm Linux  View Mirror  
2000/12/16
Linux  View Mirror

Total: 41

This long list, should ring an alarm bell to Kaspersky's administrators who should rush, in our opinion,  in finding better security policies and implementations that should be applied to all their official and reseller's websites.

Nobody really care anymore if a website's homepage gets defaced, but things get different when the compromised server is the one from which security solutions are  downloadable by potential customers. 

Kaspersky's website seems running a custom ASP CMS, time for code review and patching? 


Comments Index (Total Messages: 11)
very good info Written by Guest on 2008-07-20 13:36:18
Re: very good info Written by Guest on 2008-07-21 15:16:25
Are you sure? :D Written by Guest on 2008-07-21 18:10:32
Kaspersky Written by Guest on 2008-07-21 21:00:56
Re: Kaspersky Written by k3i1 on 2008-07-22 08:36:28
Re: Kaspersky Written by Guest on 2008-07-22 15:27:54
Re: very good info Written by Guest on 2008-07-22 21:14:48
Re: Re: very good info Written by SyS64738 on 2008-07-22 21:16:06
Re: Re: Re: very good info Written by Guest on 2008-07-22 21:37:49
Re: Re: very good info Written by Guest on 2008-07-24 22:34:38
You F-V-&#-3-R Written by Guest on 2008-07-23 20:00:46

Powered by a Zone-H(ified) version of AkoComment 3.0!


DISCLAIMER: Forum postings are the opinion of the posting author alone, and should not be taken as the opinion of Zone-h. The   author is entirely and solely responsible for all content that he/she uploads, posts, or otherwise transmits via the website. Zone-h is not responsible for such content. However, Zone-h shall have the right, but not the obligation, to delete, move, or edit any content that violates this agreement or is otherwise objectionable as determined by Zone-h in its sole discretion and without notice.
 
< Prev   Next >
[ Back ]
Advertisement
 
Top!
© 2008 Zone-H.org
Joomla! is Free Software released under the GNU/GPL License.
 Top!