Kaspersky Lab's Malaysian Web site hacked
Russian security company Kaspersky Lab's Web site for Malaysia was defaced on Saturday along with one of its online shopping sites, according to Zone-H, an organization that documents such attacks.
The attacker, nicknamed "m0sted," wrote that the site was compromised through SQL injection, according to a Zone-H posting by Roberto Preatoni.
SQL injection involves entering code into a form on a Web page in an attempt to get the back-end database to respond. It can enable the hacker to gain control over the Web site.
Kaspersky has since locked down the site, which is apparently running Microsoft's Internet Information Services Web server. The site is no longer open to the public and requires a user name and password for access.
Images of the hack posted on Zone-H show repeated subjects in the left-hand news section reading "hacked by m0sted and amen Kaspersky Hax0red No War." Other secondary pages were also compromised, Preatoni wrote.
Kaspersky could not immediately be reached for comment. But Preatoni said that while the attacks appear to be just vandalism, there could be more serious risks.
Evaluation copies of Kaspersky's security software are distributed on the sites, Preatoni wrote. It might have been possible for an attacker to upload malicious software labeled as Kaspersky's software, which would dupe users into thinking the file is okay.
Zone-H has included a log of other times Kaspersky's site has been hacked. But Kaspersky isn't the only security company to have trouble keeping meddlers at bay.
In March, Trend Micro's Web site was one of tens of thousands affected by a wide-ranging attack that inserted JavaScript code to direct visitors to a malicious Web server in China. Security vendor CA's Web site was struck with similar problems in January.
IDG News Service
This dispels the belief that Kaspersky protection is 100% secure, a belief held by many people here in Uganda.

Official Statement from Kaspersky: Several publications have recently reported that Kaspersky Lab’s official Malaysian website, as well as its Malaysian online store, were attacked by a Turkish hacker known as "m0sted". According to the hacker’s own statement, the attack was conducted using an SQL-injection. The reports hinted at “big risks for end-users” that could be caused by the attack.
It should be stressed that both websites that were attacked are managed using third-party hosting. The sites have never been publicly accessible as they are still under construction.
Since the websites are still being developed, they haven’t yet been fully secured. Naturally appropriate security features will be implemented before the sites go live.
This situation can be compared to a thief breaking into an empty house that is still under construction and has not yet been properly secured. Breaking in is therefore an easy task, but in such cases there is nothing to steal or damage – the websites are not yet live and are not linked to other Kaspersky Lab corporate websites. It seems clear that the attacker’s only motive was to attract attention.
We therefore do not believe that this attack could harm users in any way. Additionally, it will not be possible to use this attack method once the websites have been officially launched.