Kaspersky Sees Site Hacked, Serves Up Malware

It's always hilarious when a security firm has its site hacked or suffers some other security-related SNAFU that you would think its own products could prevent. Such is the case with Kaspersky Labs, which recently saw its site not just hacked, but serving up malware. Reports first came from users on Kaspersky's own support forums. The company initially denied the issue; tech support and one user had the following exchange:
I called Kaspersky this morning and they are denying that this happened. They are stating that I must have gone to a phishing site or a site that looks like them. Sorry Kaspersky, I typed the correct URL above and was redirected directly from your web site. I even went to my order email from Kaspersky I purchased 7 months ago. I clicked the download link from that email and sure enough I was redirected to the same malware site. Kaspersky said that email was probably a fake email. Really, because it has all my order information on it and it worked 7 months ago. If that email was a fake, then there are even more concerns.
Kaspersky, however, finally 'fessed up. They said, in a statement:
“The website was simulating a Windows XP Explorer window and a popup window showing scanning process on the local computer and offering the user a fake antivirus program to install. The domain was making these redirections for 3.5 hours in total.”
It is, again, one of those attacks that rely on customers believing that their PC is infected when a popup appears, and then clicking to allow an installation to occur. You'd think folks with Kaspersky products on their systems wouldn't be worried, wouldn't you?

Kaspersky said that the attack didn't expose customer data and that the exploit was contained quickly after it was discovered, which took some time, we assume, since they were initially denying it.

So which "3rd Party" admin app were they using that has the security hole?

I'd feel sorry for them if their first action had not been to deny that they were hacked and tell the user that they *must* have fallen for some other phishing problem.

My standard plug for an alternate operating system: One of the great things about browsing the web from Linux is that you are never ever going to fall for a fake WinXP (or Vista/Win7) style dialog. Nor would you have found yourself with any need to go to an antivirus site in the first place. Most Linux users do all software installations via signed packages from their distro's repository, and that brings along an amazing level of security.


Linux, just like Macs, is just as susceptible to viruses and spyware; it's just that MS OSes are the most widespread and thus the more bang for your buck to write stuff for. If one wanted to, I'm sure someone could write a virus for Linux or Mac, as no OS is ever fully secure. Really, with Linux and all the repositories that are used, infecting a repository makes things much simpler, as you don't have to worry about infecting people's computers, just one place, and boom, anyone that installs that program from the repository gets infected. AV sites getting hacked: of course they will deny it till they know what happened, then they will release a statement of what really occurred. That is standard business practice, deny till you have all the facts. The media is real bad about throwing crap out there when they don't know all the facts, and look at all the problems that has caused over the years.


I guess denial beats admitting that you just don't know what is happening at the time. Once you know the facts, you can just try to sound smart about the situation and downplay its total effect.

But the fact is that they were nailed to a public cross in a very rude way.

And Drago, the fact that no OS is bulletproof doesn't mean that in the real world, with real experiences, 3vi1 isn't correct. I've been using Ubuntu for years without an AV program and with no Anti-Spyware installed and never been infected or compromised. (something that would make me cringe using Windows any-version)

The same is true for the iMac that I'm about to sell to my son.


Drago, marketshare is not what dictates how vulnerable an OS is. Design does.

>> infecting a repository makes things much simpler

And exactly how are you going to get the PGP keys to sign a package? You realize that everyone doing an update to a package you simply replace in the repo is going to get a warning screaming that it's fake, right?  You're dead wrong on this one.

The standard refrain that "it's just not a popular target" doesn't hold water. Consider this: The vast majority of Internet web servers (a more prized target for crackers) have always run Apache on Linux, FreeBSD, or another *nix variant. Yet the web servers running Windows get owned more frequently. Since there are over a million Windows viruses (according to Symantec), shouldn't there be at least 70 thousand Mac and Linux viruses out in the wild? Somehow, their numbers remain in the hundreds (and most of those are concepts or one-off trojans that require the user to explicitly install them).

You are correct in that you can write a virus for Linux (or any other OS). The problem is, they don't live long enough to multiply on Linux. *That's* why it's not a popular target. Users have always had no rights to write to binaries and don't normally install binaries outside a package manager. The viruses literally have nowhere to go - You can't e-mail it to the address book because someone would have to enter the root password to install it! Linux doesn't have the flaw of integrating the OS API in all the apps to get lock-in that leads to exploits in that area.

Another factor is diversity.  Not every distro runs the same kernel, or the same packages/versions.  If you were able to come up with a remote kernel exploit for one distro, only a portion of Linux users would be vulnerable.  (And about 24 hours after you used your exploit, no one would be vulnerable - because the kernel team, distro developers, *or any of the users who are developers* can troubleshoot the problem, fix it on their systems, and push the suggested patch upstream - no waiting on one person at one company for the fix)  There's no guarantee for hackers that their exploits will work on all Linux systems, yet there is a guarantee that exploits will cease working very quickly.  Again, this kills incentive much more than the relative size of the install base.

Like realneil, I've been using Linux for a very very long time now (since not too long after WinXP was released... so somewhere near 10 years). I have gone to tons of hacking and warez sites while doing research (I don't run Windows, so I don't need warez), and have never once seen a Linux virus in the wild though I do occasionally run KlamAV or the 'chkrootkit' command, hoping for a surprise.

I'm really surprised that a group of Windows-fanboy-hackers hasn't tried to release a deluge of Linux viruses to shut people like me up... but I guess that if they take the time to learn Linux well enough to attempt the deed, they end up liking it (or realizing it's just not feasible).
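The signed-package argument in the exchange above (a replaced file in the repo fails verification because nobody outside the distro holds the signing key) can be made concrete. The Go sketch below is an added example, not code from this page or from any real package manager: it models a repository as a manifest of SHA-256 hashes signed with an Ed25519 key, and a client that trusts only the distro's public key. The names Repo, Publish, Install, Demo and the "example-tool" package are constructed for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)
// Repo is a constructed toy repository: package blobs, a manifest of their SHA-256s, and the distro's signature over that manifest.
type Repo struct{ Packages map[string][]byte; Manifest string; Signature []byte }
// manifestOf renders one "name sha256hex" line per package.
func manifestOf(pkgs map[string][]byte) string {
	var sb strings.Builder
	for name, blob := range pkgs {
		sum := sha256.Sum256(blob)
		fmt.Fprintf(&sb, "%s %s\n", name, hex.EncodeToString(sum[:]))
	}
	return sb.String()
}
// Publish is the distro side: hash every package and sign the manifest with the private key.
func Publish(priv ed25519.PrivateKey, pkgs map[string][]byte) Repo {
	m := manifestOf(pkgs)
	return Repo{Packages: pkgs, Manifest: m, Signature: ed25519.Sign(priv, []byte(m))}
}
// Install is the client side: it trusts only the distro public key, so a blob is accepted only if a manifest signed by that key lists its exact hash.
func Install(pub ed25519.PublicKey, r Repo, name string) ([]byte, error) {
	if !ed25519.Verify(pub, []byte(r.Manifest), r.Signature) {
		return nil, fmt.Errorf("manifest is not signed by the distro key")
	}
	blob := r.Packages[name]
	sum := sha256.Sum256(blob)
	if !strings.Contains("\n"+r.Manifest, "\n"+name+" "+hex.EncodeToString(sum[:])+"\n") {
		return nil, fmt.Errorf("package %q is missing or its hash is not in the signed manifest", name)
	}
	return blob, nil
}
// Demo replays the thread's scenario: a clean install, then the same package swapped in the repo, then a swap with a rehashed manifest that nobody can re-sign.
func Demo() (clean, swapped, rewritten bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	repo := Publish(priv, map[string][]byte{"example-tool": []byte("constructed legit package")})
	accepted := func() bool { _, err := Install(pub, repo, "example-tool"); return err == nil }
	clean = accepted()
	repo.Packages["example-tool"] = []byte("constructed swapped package"); swapped = accepted() // blob replaced, manifest still signed
	repo.Manifest = manifestOf(repo.Packages); rewritten = accepted() // manifest rehashed, old signature no longer matches
	return
}
func main() { fmt.Println(Demo()) }
```

Only the first install is accepted; both tampering cases are rejected without the client needing to know anything beyond the distro's public key.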
