What Protection! Kaspersky's Site Gets Hacked
Nothing is so hilarious as when a security vendor gets its site hacked. All right, we will admit that when ICANN was hacked that was also funny. In this case, Kaspersky, who many say (arguably) has the best security software around, had their Malaysian website hacked (yes, we probably could cut them some slack for the fact it was only their Malaysian site - nah).“The official Malaysian Kaspersky Antivirus’s website
has been hacked yesterday by a Turkish cracker going by the handle of
“m0sted”. Along with it, the same cracker hacked also the official
Kaspersky S.E.S. online shop and its several other subdomains. The
attacker reported “patriotism” as the reason behind the attack and “SQL
Injection” as the technical way the intrusion was performed.
Both websites has been home page defaced (sic) as well as several other
secondary pages. The incident, though appearing a simple website
defacement, might carry along big risks for end-users because from both
the websites, evaluation copies of the Kaspersky Antivirus are
distributed to the public. In theory, the attacker could have uploaded
trojanized versions of the antivirus, infecting in this way the unaware
users attempting a download from a trusted Kaspersky’s file repository
(remember the trojan in the Debian file repository?).”
SQL injection again? This is the same way that the RIAA's website was wiped clean in January. At the time of this writing, kaspersky.com.my remains offline (it asks for a password).