Kaspersky says hacking attack did no damage

by Jeremy Kirk
Be the first to comment | I like it!
Tags: attacks, hacking, Kaspersky Lab, SQL injection
More »
on this topic
July 22, 2008, 02:55 PM —  IDG News Service — 

The defacement of one of Kaspersky Lab's partner Web sites over the weekend occurred while the site was under construction and offered no data to steal, a senior company official said Tuesday.

A hacker going by the nickname of "m0sted" broke in and left various messages on several pages of a partner site for Malaysia. Screenshots were posted on Zone-H.org, a site that tracks vandalism of other Web sites.

[ related reading: Kaspersky Lab's Malaysian Web site hacked ]

The site actually belongs to one of Kaspersky's partners and was still under development, said David Emm, senior technology consultant. The site had not been formally launched or publicized, he said.

"Naturally, we'll be making sure that it's locked down before it goes live and any business is conducted on the site," Emm said.

The hacker claimed the site was compromised via SQL (Structured Query Language) injection, where malicious code is dropped inside Web-based forms in order to get a response from the back-end server. The style of attack has been increasingly favored by hackers, as many Web sites are vulnerable, which can lead to a serious data breach.

Zone-H.org theorized that an attacker could have uploaded malicious code to the site and labeled it as a trial download of Kaspersky's software, but the company dismissed any risks.

"It seems clear that the attacker's only motive was to attract attention," according to a company statement. "We therefore do not believe that this attack could harm users in any way."

IDG News Service

I like it!
Post a comment
The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
Free books

Build your tech library with our book giveaways.

Hacking Exposed, Sixth Edition
By Stuart McClure, Joel Scambray, George Kurtz; Published by McGraw-Hill/Osborne

The original Hacking Exposed authors rejoin forces on this tenth anniversary edition to offer completely up-to-date coverage of today's most devastating hacks and how to prevent them. Using their proven methodology, the authors reveal how to locate and patch system vulnerabilities. The book includes new coverage of ISO images, wireless and RFID attacks, Web 2.0 vulnerabilities, anonymous hacking tools, Ubuntu, Windows Server 2008, mobile devices, and more. Enter now!

Featured Sponsor
Case Study: AISO grows its "green" business

AISO founders envisioned a Web hosting company that was environmentally friendly. While the company employed energy-efficient innovations like solar panels, its infrastructure produced unacceptable power and cooling requirements. Find out how AISO leveraged AMD technology to overcome their challenge in this case study white paper.

Download this white paper »
Myth of the Million Dollar Database

In this whitepaper, Scalar explores the opportunity to change the landscape with respect to mission critical databases built around Oracle. Leveraging technologies such as Linux, high-end commodity processing power and Oracle RAC technology to architect, design, build and maintain database infrastructure that delivers maximum availability, reliability and performance at a fraction of traditional cost.

Download this white paper »
Success Story: Weather.com handles whatever nature serves up

On a typical day, weather.com, the Web site for The Weather Channel in Atlanta, serves up between 15 million and 20 million page views. But in September 2004, when back-to-back hurricanes ransacked Florida, the peak traffic on one day more than tripled: over 70 million page views by more than 7 million unique visitors. Read the full success story now.

Download this white paper »
Marketplace