The attackers turned Kaspersky offsite into a hotbed of infection

According to Dan Gudin , the American mirror of Kaspersky’s offsite has been spreading viruses for three and a half hours on Sunday. The reason for this was hacking by unknown hackers.


For the first time, information about this fact appeared in three different forums, frequently visited by users of Kaspersky products. According to some posts, official representatives of Kaspersky Lab denied that the infection had spread.

As one of the forum participants wrote, “They claimed that I probably visited a phishing site or a site similar to Kaspersky’s off-site. However, I am sure that I entered the correct URL and got it on offsite. I was even able to re-read the message about the purchase of a Kaspersky product, the purchase of which was made 7 months ago. "
')
On Tuesday, Kaspersky Lab was forced to admit that hackers managed to hack kasperskyusa.com using a vulnerability in a third-party application. As a result, site visitors were automatically redirected to the malware page.

According to Kaspersky Lab, “The website was a copy of the Windows XP Explorer window with a pop-up window that displays the scanning process on the local computer and offers to install a fake antivirus program. In general, the domain carried out this redirection for 3.5 hours. "

According to this brief statement, site visitors were most likely to become infected only if they fell for the trick and downloaded, and then installed a fake antivirus. No recommendations on what to do to users who did just that and became infected, have not been reported.

Detection of a hacking site extremely spoils the reputation of Kaspersky Lab, because trust in a company that offers protection to users and is unable to secure its own servers has been somewhat shaken. It should be recalled that in early 2009, due to hacking, for 10 days there was access to a closed user base installed on the Kaspersky Lab website in the United States. In total, according to The Zero Day security blog, since 2000, 36 defaces of Kaspersky Lab's international sites have been completed.

As was the case in 2009, on Tuesday, the company officially stated that the attackers did not receive user data and the vulnerability was immediately eliminated. The company's specialists continue to investigate the possible consequences of the attack and are ready to help all the victims of it. However, the application does not provide contact information on which victims can apply for assistance to the company.

The Register , October 19, 2010