Kaspersky download site hacked to spread fake AV

UPDATE: According to a report in ITPro by Jennifer Scott, Kaspersky have been in touch to confirm that their servers were in fact compromised and the redirection was very real. The breach was made by exploiting “a third party app used for site admin”. The malicious redirection was in place for three and a half hours.
________________________________________________________________________________
 
Several reports in Kaspersky user forums seem to indicate that the security software manufacturer was recently compromised by cybercriminals trying to punt fake security software.
 
Fake anti virus software is most often spread through booby-trapped web pages, designed to show up high in search results for popular or newsworthy terms; for example recently people searching for information about the Stuxnet malware were targeted. This is a technique so established that TrendLabs have been able to develop automated tools to proactively monitor and block these pages as they appear. If true, this compromise of a legitimate download site, particularly a security vendor could represent an important new change of tactics by the scareware pushers.
 
Kaspersky users in three separate forums; Calendar of Updates, YahooAnswers and Kaspersky’s own Kaspersky Lab forum have complained that links to download Kaspersky’s home user security software from their USA download site were redirecting them to a malicious web page pushing fake AV known as Security Tool. One user posted the below screen capture
 

 
According to forum posts Kaspersky have stated that there was no compromise of their servers. Somewhat incongruous then is the post by one forum user going by the handle of Micha, who appears to come from Kaspersky Lab in Japan according to his profile. He posted the following:
 

“Hello,

Thanks, it should be fixed.

Cheers “

 
Security vendors have often been the target of both malicious and mischievous hackers and without fail, honesty and transparency have always been the best policy in the aftermath of such an event.
 
Thanks to Donna for the heads-up.

11 thoughts on “Kaspersky download site hacked to spread fake AV

  1. Pingback: [BLOCKED BY STBV] Dubai Informer

  2. Pingback: Hackean el sitio de Kaspersky en Estados Unidos » Blog NeoPortal

  3. Pingback: SCHNAAP無名部落格 » Kaspersky download site hacked to spread fake AV » CounterMeasures

  4. Pingback: Blog de Comunidad Cibertec - Internet Tecnología – Hackean el sitio de Kaspersky en Estados Unidos

  5. Pingback: Mozilla quashes 12 Firefox bugs | IT Security, Hacking, Vulnerability alerts, IT Leadership and more

  6. Pingback: Hackean el sitio web de Kaspersky en Estados Unidos durante el fin de semana - FayerWayer

  7. Pingback: Hacked Kaspersky server deploys scareware | Group51.org

  8. Pingback: Kaspersky Download site spread Fake AV?

  9. Pingback: Kaspersky-site verspreidt nep-virusscanner na hack » Clippy.be

  10. Pingback: Kaspersky’nin web sitesi hacklendi

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>