
Kaspersky Confirmed Data Breach on its Website

Moscow-based security firm Kaspersky Lab confirmed a security breach on February 9, 2009, in which a database containing customer details remained exposed for nearly eleven days. The security company said that it learned of the breach when Romanian hackers informed the company about it on February 7, 2009.

Kaspersky Lab states that the security breach began on January 28, 2009 when website administrators made changes in the 'support' section of the site usa.kaspersky.com.

A hacker who identified himself as "unu" said that he was responsible for the hack and stated that Kaspersky's site was clearly vulnerable to SQL injection. Security specialists explained that SQL injection attacks involve inserting a small piece of malicious code into a database that supplies information to the target website. Criminals most commonly release malware through SQL injections to hijack business websites.

Meanwhile, after the hacker posted his discoveries on the "Hackers Blog site", security specialists said that it was possible for any hacker to install malware on Kaspersky's website. Gunter Ollmann, Chief Security Strategist at IBM, said he was worried that such a critical vulnerability could potentially be exploited to seize legitimate renewals and purchases of Kaspersky's software products, which could involve linking to backdoored and malicious versions of the company's software, as reported by bit-tech on February 9, 2009.

While confirming the SQL injection attack, Roel Schouwenberg, Senior Antivirus Researcher at Kaspersky, stated that about 25,000 activation codes and about 2,500 e-mail addresses of users were at risk, as reported by Computerworld on February 9, 2009.

Schouwenberg also observed that there were some inaccuracies with Kaspersky's process of reviewing the company's internal code. He added that Kaspersky was now assessing that process in a much stricter way.

Meanwhile, Kaspersky hired the services of another security firm that would independently audit Kaspersky's systems.

Notably, in a similar incident, an SQL injection attack against Microsoft's UK website in 2007 was launched by hackers to insert HTML code. This attack defaced the website pages and also exposed them to malware.


» SPAMfighter News - 23-02-2009
