Attackers turned Kaspersky's official site into a breeding ground for infection
According to Dan Goodin, the US mirror of Kaspersky's official site spent three and a half hours on Sunday spreading viruses. The cause was a compromise by unknown attackers.
Reports of the incident first appeared on three different forums frequented by users of Kaspersky products. According to some posts, Kaspersky Lab representatives denied that any infection was being spread.
As one forum participant wrote, “They claimed that I probably visited a phishing site or a site similar to Kaspersky’s official site. However, I am sure that I entered the correct URL and got it on the official site. I was even able to reread the message about the purchase of a Kaspersky product, which was purchased 7 months ago.”
On Tuesday, Kaspersky Lab was forced to admit that attackers had managed to compromise kasperskyusa.com by exploiting a vulnerability in a third-party application. As a result, site visitors were automatically redirected to a page hosting malware.
According to a statement by Kaspersky Lab, “The website was a copy of the Windows XP Explorer window with a pop-up window showing the scanning process on the local computer and offering to install a fake anti-virus program. In general, the domain performed this forwarding within 3.5 hours.”
According to this brief statement, site visitors were most likely to become infected only if they fell for the trick, downloaded the fake antivirus, and then installed it. The statement gave no recommendations for users who did just that and were infected.
The discovery of the compromise seriously damages Kaspersky Lab's reputation: trust in a company that offers protection to users but is not able to secure its own servers has been somewhat shaken. It should be remembered that in early 2009 a hack left a closed user database hosted on Kaspersky Lab's US website accessible for 10 days. In total, according to The Zero Day security blog, 36 defacements of Kaspersky Lab's international sites have been carried out since 2000.
As in 2009, the company officially announced on Tuesday that the attackers did not obtain user data and that the vulnerability was fixed immediately. The company's specialists continue to investigate the possible consequences of the attack and are ready to help all those affected by it. However, the statement does not provide contact information that victims could use to ask the company for help.
The Register, October 19, 2010