
More details emerge on Kaspersky hack

10 February 2009

As more details of the Kaspersky web site hack came to light yesterday, the same hacking forum posted details of a similar SQL injection attack, this time on a Portuguese reseller for anti-malware firm BitDefender.

The Kaspersky hack, discovered over the weekend, exposed 2500 email addresses to potential attack, along with 25000 activation codes for the company's home user product.

Roel Schouwenberg, Sr. Anti-virus Researcher, Kaspersky Lab, Americas, explained that the SQL injection attack occurred following the use of some code on a support website that did not go through its internal code review process. The code was written by an external contractor whose identity the company would not reveal, using code libraries written by Kaspersky staff. "This part of the code did not receive the usual scrutiny," he said.

Kaspersky changed its story slightly from this weekend, when it had said that the breach existed for only half an hour. In a conference call yesterday, Schouwenberg said that the new support site was vulnerable from its launch on 29 January through to the discovery of the vulnerability on 7 February. However, he added that although the emails and IDs were exposed, the company was confident that the breach had not resulted in any actual data loss. "We did an internal forensic analysis which showed that no data was leaked. We've hired David Litchfield to conduct an independent forensic analysis on the machine," he added.

Schouwenberg admitted that the breach was damaging to the company's reputation. "This is not good for any company, and especially a company dealing with security. This should not have happened. We are now doing everything in our power to do the forensics on this case and to prevent it from ever happening again," he concluded.

In the meantime, the hacking forum that posted information about the Kaspersky vulnerability appears to be on a roll. Yesterday it posted details of what it said was a similar SQL injection attack against BitDefender.pt, which the hackers originally took to be the Portuguese site for BitDefender. In fact, the site is owned by Uptrend, a reseller partner for the company. The hackers claim to have access to thousands of customer records for that site, which will create further questions about the role of security software vendors in conducting due diligence on their own sites, and those of their channel partners.

Uptrend's site (translated) appeared to have no information about the breach as of 5am Lisbon time this morning.

Unlike Kaspersky, which was fielding emails over the weekend, BitDefender did not respond to requests for comment yesterday.

 

This article is featured in:
Internet and Network Security

 
