Kaspersky's Malaysian site hacked by Turkish hacker

Summary: According to Zone-h.org, Kaspersky's Malaysian site has been defaced by a Turkish hacker during the weekend, through a SQL injection, leaving the following message - "hacked by m0sted And Amen Kaspersky Shop Hax0red No War Turkish Hacker Thanx to Terrorist Crew all team members".


According to Zone-h.org, Kaspersky's Malaysian site has been defaced by a Turkish hacker during the weekend, through a SQL injection, leaving the following message - "hacked by m0sted And Amen Kaspersky Shop Hax0red No War Turkish Hacker Thanx to Terrorist Crew all team members".

"The official Malaysian Kaspersky Antivirus's website has been hacked yesterday by a Turkish cracker going by the handle of "m0sted". Along with it, the same cracker hacked also the official Kaspersky S.E.S. online shop and its several other subdomains. The attacker reported "patriotism" as the reason behind the attack and "SQL Injection" as the technical way the intrusion was performed.

Both websites have been home page defaced as well as several other secondary pages. The incident, though appearing a simple website defacement, might carry along big risks for end-users because from both the websites, evaluation copies of the Kaspersky Antivirus are distributed to the public. In theory, the attacker could have uploaded trojanized versions of the antivirus, infecting in this way the unaware users attempting a download from a trusted Kaspersky's file repository (remember the trojan in the Debian file repository?)."

Are users at risk due to the compromise? Not in this case. However, the attack is a wake-up call which, if not taken seriously enough, could result in an ironic situation where a security vendor's site is infecting its visitors with malware. It has happened before, and it will definitely happen again.

This is not an isolated incident. According to Zone-h's archive, since 2000 there have been 36 web site defacements of international Kaspersky sites, with Kaspersky's French site getting hacked and re-hacked on a yearly basis. In none of these incidents was any malicious software served, nor was there a live exploit URL that could have been embedded into the legitimate site. Still, there is an ongoing trend of defacers looking to monetize the access they have to vulnerable sites by injecting malware URLs, hosting phishing pages, and locally hosting blackhat SEO junk pages through which they eventually earn money via affiliate-based networks.

At the time of blogging, there's no indication of a malware attack at the site, and kaspersky.com.my remains offline, presumably in an attempt to audit the site for web application vulnerabilities before putting it back online.

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

  • Hackers Gone Wild?

    Hey - you beat me to the story - but I've been working on a piece on these guys as well. There is a very nationalistic thread through all the hacks they've done, whether it's the NeTDevilz, or the AyYildiz Team. They've pwn3d some very impressive sites not the least of which is ICANN and PhotoBucket, as well as masterminded some very interesting anti-Croatian hacks as well. What makes 'em tick? I can't say for sure but they have their very own YouTube pages with various intros and videos that are interesting...

    This is all very interesting, I'm hoping to dig up more.

    Rafal.Los (RX8volution)
    • so called "hackers"

      sql injections and tampering with dns registers isn't what I would call hacking. these guys are jokes but are getting so much credit and publicity.
  • RE: Kaspersky's Malaysian site hacked by Turkish hacker

    I just got this program I hope it's safe
    • I hope it's safe

      Probably not. Anti Virus software, or buying additional software in order to make your operating system function as advertised, is a broken fix to a problem that should not be a problem in the first place.
      tracy anne
      • ok fanboy

        shut up and go crawl under whatever rock you creeped out of. viruses are a threat to ANY OS. even your precious mac or linux.
        • Indeed they are

          On the other hand, Anti Virus Software. Which is the act of adding additional software to an existing system, in order to make the existing system function as advertised, is still a broken fix for the problem of Viruses, and they don't, in the long run, make the system they are supposed to be protecting, any less insecure.
          tracy anne
  • RE: Kaspersky's Malaysian site hacked by Turkish hacker

    why not Kaspersky hire some security expert..
  • What a black-eye...

    In Kaspersky's face! Maybe I should go back to writing letters via the postal system? (Or switch to Linux) tisk-tisk.
  • Websites Were Under Construction

    Both of the websites that were attacked are managed using third-party hosting. The sites have never been publicly accessible as they are still under construction.

    Since the websites are still being developed, they haven't yet been fully secured. Naturally appropriate security features will be implemented before the sites go live.

    This situation can be compared to a thief breaking into an empty house that is still under construction and has not been yet properly secured. Breaking in is therefore an easy task, but in such cases there is nothing to steal or damage - the websites are not yet live and are not linked to other Kaspersky Lab corporate websites. It seems clear that the attacker's only motive was to attract attention.

    This attack could therefore not harm users in any way. Additionally, it will not be possible to use this attack method once the websites have been officially launched.