Malaysian Kaspersky website and shop hacked. Users at risk?

20/07/2008 Written by Roberto Preatoni

The official Malaysian Kaspersky Antivirus website was hacked yesterday by a Turkish cracker going by the handle “m0sted”.

The same cracker also hacked the official Kaspersky S.E.S. online shop and several of its subdomains.

The attacker reported “patriotism” as the reason behind the attack and “SQL Injection” as the technique used for the intrusion.

Both websites had their home pages defaced, along with several secondary pages. The incident, though it appears to be a simple website defacement, might carry big risks for end-users, because evaluation copies of Kaspersky Antivirus are distributed to the public from both websites. In theory, the attacker could have uploaded trojanized versions of the antivirus, thereby infecting unaware users attempting a download from a trusted Kaspersky file repository (remember the trojan in the Debian file repository?).

The defacement mirror for the official Kaspersky website can be viewed here, while the defacement mirror of Kaspersky’s online shop can be viewed here.

Apparently, Kaspersky Labs does not have a good track record in securing its websites: digging into the Zone-H archives, we discovered this long list of past incidents:

| Date | Attacker | Flags | Domain | OS | View |
|---|---|---|---|---|---|
| 2008/07/20 | m0sted | M | la.antivirus365.net/product.asp | Win 2003 | View Mirror |
| 2008/07/20 | m0sted | M | kh.antivirus365.net/product.asp | Win 2003 | View Mirror |
| 2008/07/20 | m0sted | M | mm.antivirus365.net/product.asp | Win 2003 | View Mirror |
| 2008/07/20 | m0sted | M | bn.antivirus365.net/product.asp | Win 2003 | View Mirror |
| 2008/07/19 | m0sted | M | antivirus365.net/product.asp | Win 2003 | View Mirror |
| 2008/07/19 | m0sted | H | kaspersky.com.my | Win 2003 | View Mirror |
| 2008/03/30 | Zero-Cool | M | kaspersky.fr/WebConfig.ini | Linux | View Mirror |
| 2008/03/30 | Zero-Cool | H M | elitecore.kaspersky.fr | Linux | View Mirror |
| 2008/03/30 | Zero-Cool | M R | netasq.kaspersky.fr/tut.htm | Linux | View Mirror |
| 2008/03/30 | Zero-Cool | H M R | education.kaspersky.fr | Linux | View Mirror |
| 2008/03/28 | Algeria Security Crew | H | support.kaspersky.fr | Linux | View Mirror |
| 2008/03/07 | Crackers_Child | H | kaspersky.ro | Linux | View Mirror |
| 2007/09/25 | blackwolf | | kb.kaspersky.com.au/default.aspx | Win 2003 | View Mirror |
| 2007/05/03 | Cyber-Terrorist | H | kaspersky.com.br | Linux | View Mirror |
| 2006/09/10 | eno7 | | kaspersky.kivi.si/default.asp | Win 2003 | View Mirror |
| 2006/07/05 | Soot Hackers | M | reseller.kaspersky.ir/soot.txt | Win 2003 | View Mirror |
| 2006/06/24 | Soot Hackers | | kaspersky.ir/soot.htm | Win 2003 | View Mirror |
| 2006/06/07 | Cetus&Club | M | kaspersky.com.tr/ftp | Win 2003 | View Mirror |
| 2005/10/24 | | M R | netasq.kaspersky.fr/index.html | Linux | View Mirror |
| 2005/10/24 | | M R | mailwatcher.kaspersky.fr/index.html | Linux | View Mirror |
| 2005/10/22 | | M | forum.kaspersky.fr/index.html | Linux | View Mirror |
| 2005/10/22 | | M | entreprises.kaspersky.fr/index.html | Linux | View Mirror |
| 2005/10/22 | | M | case.kaspersky.fr/index.html | Linux | View Mirror |
| 2005/10/22 | sikik | M | partners.kaspersky.fr/index.html | Linux | View Mirror |
| 2005/10/22 | sikik | M | webscanner.kaspersky.fr/index.html | Linux | View Mirror |
| 2005/10/22 | sikik | M | kb.kaspersky.fr/index.html | Linux | View Mirror |
| 2005/10/22 | sikik | M | grandpublic.kaspersky.fr/index.html | Linux | View Mirror |
| 2005/10/22 | sikik | M | linux.kaspersky.fr/index.html | Linux | View Mirror |
| 2005/10/22 | sikik | H M | neuf.kaspersky.fr | Linux | View Mirror |
| 2005/10/22 | sikik | M | tracker.kaspersky.fr/index.html | Linux | View Mirror |
| 2005/10/22 | sikik | M | klxweb.kaspersky.fr/index.html | Linux | View Mirror |
| 2005/10/22 | sikik | H M | lanexpert.kaspersky.fr | Linux | View Mirror |
| 2005/10/22 | sikik | H M | mtf.kaspersky.fr | Linux | View Mirror |
| 2005/10/22 | sikik | H M | exes.kaspersky.fr | Linux | View Mirror |
| 2005/10/22 | sikik | M | education.kaspersky.fr/index.html | Linux | View Mirror |
| 2005/10/22 | sikik | M | | Linux | View Mirror |
| 2005/10/22 | | M | | Linux | View Mirror |
| 2005/10/22 | | M | | Linux | View Mirror |
| 2005/07/01 | | M | mailwatcher.kaspersky.fr/welcome.htm | Linux | View Mirror |
| 2005/07/01 | | M | netasq.kaspersky.fr/welcome.htm | Linux | View Mirror |
| 2000/12/16 | | H | | Linux | View Mirror |

Total: 41

This long list should ring an alarm bell for Kaspersky’s administrators, who should, in our opinion, rush to find better security policies and implementations to apply to all their official and reseller websites.

Nobody really cares anymore if a website’s homepage gets defaced, but things are different when the compromised server is the one from which potential customers download security solutions.

Kaspersky’s website seems to be running a custom ASP CMS; time for code review and patching?

