F-Secure Faced New Wave of Hacking Attacks Against Security Vendors
A Romanian hacker has revealed a latest SQL injection attack in a posting on hackersblog.org forum. The unidentified hacker stated that after exploiting coding errors on the website of F-Secure, Finland-based antivirus vendor, he observed some statistics concerning past virus activity.
The hacker provided screenshots of the SQL Server information and database table names. He further added that the website was vulnerable to both cross-site scripting as well as SQL injection.
According to security experts, SQL-injection has emerged as a very popular method of exploitation, wherein a small malicious script is inserted into a database which provides information to the website. Cross-site scripting that allows attackers to inject malicious codes in web pages is also being commonly used.
As reported by Search Security on February 13, 2009, David Frazer, Director of technology services at F-Secure's North American division, confirmed the breach on February 11, 2009. Giving details of this breaching incident, F-Secure said on February 12, 2009 that the breach was of low level, having limited impact and scope. He told that the breached database server contained virus statistical information.
Frazer further said that however attackers could read the security firm's database information, but they could not manipulate or write the data. Also they were not able to access any other information on the server since the SQL user had access only to its own database.
One of the F-Secure's servers employed in gathering malware statistics was having a page that was unable to sanitize the input properly and thus, was vulnerable to attack. Instantly after discovering the blog, the breached server was taken-down to analyze the level of risk.
According to F-Secure, the breached information was not considered a part of their critical infrastructure and thus, the incident has not caused big embarrassment to them. Although, Frazer said that being a security firm they need to ensure that they remain protected and up-to-date.
In past few days, it is second occasion on which an antivirus vendor has been targeted by the attackers. Previously on February 11, 2009, security firm Kaspersky and a site of BitDefender's partner had faced similar attacks by the HackersBlog site.
Related article: F-Secure Alerts against Bogus Windows Update Sites
» SPAMfighter News - 25-02-2009