Kaspersky Lab's Malaysian Web site hacked

By , IDG News Service |  Security, attacks, SQL injection

Russian security company Kaspersky Lab's Web site for Malaysia was defaced on Saturday along with one of its online shopping sites, according to Zone-H, an organization that documents such attacks.

The attacker, nicknamed "m0sted," wrote that the site was compromised through SQL injection, wrote Roberto Preatoni on a Zone-H posting.

The attack involves inputting code into a form on a Web page in an attempt to get the back-end database to respond. It can enable the hacker to gain control over the Web site.

Kaspersky has since locked down the site, which is apparently running Microsoft's Internet Information Services Web server. The site is no longer open to the public and requires a user name and password for access.

Images of the hack posted on Zone-H show repeated subjects in the left-hand news section reading "hacked by m0sted and amen Kaspersky Hax0red No War." Other secondary pages were also compromised, Preatoni wrote.

Kaspersky could not be immediately reached for a comment. But Preatoni said that while the attacks appear to be just vandalism, there could be more serious risks.

Evaluation copies of Kaspersky's security software are distributed on the sites, Preatoni wrote. It might have been possible for an attacker to upload malicious software labeled as Kaspersky's software, which would dupe users into thinking the file is okay.

Zone-H has included a log of other times Kaspersky's site has been hacked. But Kaspersky isn't the only security company to have trouble keeping meddlers at bay.

In March, Trend Micro's Web site was one of tens of thousands affected by a wide-ranging attack that inserted JavaScript code to direct visitors to a malicious Web server in China. Security vendor CA's Web site was struck with similar problems in January.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question
randomness