News

More details emerge on Kaspersky hack

10 February 2009

As more details of the Kaspersky web site hack came to light yesterday, the same hacking forum posted details of a similar SQL injection attack, this time on a Portuguese reseller for anti-malware firm BitDefender.

The Kaspersky hack, discovered over the weekend, exposed 2500 email addresses to potential attack, along with 25000 activation codes for the company's home user product.

Roel Schouwenberg, Sr. Anti-virus Researcher, Kaspersky Lab, Americas, explained that the SQL injection attack occurred following the use of some code on a support website that did not go through its internal code review process. The code was written by an external contractor whose identity the company would not reveal, using code libraries written by Kaspersky staff. "This part of the code did not receive the usual scrutiny," he said.

Kaspersky changed its story slightly from this weekend, when it had said that the breach existed for only half an hour. In a conference call yesterday, Schouwenberg said that the new support site was vulnerable from its launch on 29 January through to the discovery of the vulnerability on 7 February. However, he added that although the emails and IDs were exposed, the company was confident that the breach had not resulted in any actual data loss. "We did an internal forensic analysis which showed that no data was leaked. We've hired David Litchfield to conduct an independent forensic analysis on the machine," he added.

Schouwenberg admitted that the breach was damaging to the company's reputation. "This is not good for any company, and especially a company dealing with security. This should not have happened. We are now doing everything in our power to do the forensics on this case and to prevent it from ever happening again," he concluded.

In the meantime, the hacking forum that posted information about the Kaspersky vulnerability appears to be on a roll. Yesterday it posted details of what it said was a similar SQL injection attack against BitDefender.pt, which the hackers originally took to be the Portuguese site for BitDefender. In fact, the site is owned by Uptrend, a reseller partner for the company. The hackers claim to have access to thousands of customer records for that site, which will create further questions about the role of security software vendors in conducting due diligence on their own sites, and those of their channel partners.

Uptrend's site (translated) appeared to have no information about the breach as of 5am Lisbon time this morning.

Unlike Kaspersky, which was fielding emails over the weekend, BitDefender did not respond to requests for comment yesterday.

 

This article is featured in:
Internet and Network Security

 
