The websites of two major providers of security products have been hit by hackers.
The website of Russian IT security provider Kaspersky Lab was hit at the weekend by a Romanian ‘white-hat’ hacker.
A group calling itself ‘the Romanian Security Team’ claimed that the hackers achieved full access to the database supporting the websites – which includes customer data – by simply altering a parameter in the URLs. They could also perform SQL injections to remotely introduce harmful code into the database.
The group also claimed to have hit the Portuguese site of US anti-virus provider BitDefender, with the personal details of thousands of users viewed. The hackers said that they alerted the two companies of the security flaw and did not expose any of the data they found.
Kaspersky Lab said in a statement: “On Saturday February 7 2009, a vulnerability was detected on a subsection of the usa.kaspersky.com domain when a hacker attempted an attack on the site.
“The site was only vulnerable for a very brief period, and upon detection of the vulnerability we immediately took action to roll back the subsection of the site and the vulnerability was eliminated within 30 minutes of detection. The vulnerability wasn’t critical and no data was compromised from the site.”
Gunter Ollmann, chief security strategist at IBM’s Internet Security Systems, said: “I hope that Kaspersky administrators fix this vulnerability rather quickly as they no doubt have a large customer base, and it would appear that all those customers are now exposed
“On top of that, this type of critical flaw can probably be used to usurp legitimate purchases and renewals of their products - which could include the linking to malicious and backdoored versions of their software - thereby infecting those very same customers that were seeking protection from malware in the first place.â€
Showing posts with label providers. Show all posts
Showing posts with label providers. Show all posts
Sunday, February 7, 2010
The websites of two major providers of security products have been hit by hackers.
A new Valentine’s Day spam email has been detected by Websense as containing a Waledac variant. Websense Security Labs has reported to have seen several fake Valentine’s Day sites serving up malware recently, with an increase in adult dating and ‘healthcare’ related email spam released to mark the occasion. Carl Leonard, Websense threat research manager, claimed that it works by the user opening the URL in the spammed message and being redirected to a site with two puppies and a love heart to give a Valentine’s theme. The user is then enticed to download a Valentine’s kit to prepare a present for a loved one, which is a new Waledac variant.
Leonard said: “The usual suspects have emerged as expected, with Valentine spam emails and Trojans. The public are becoming more aware of these and it is getting harder to trick people this way. Cybercriminals are also taking their efforts to social networks, given its rising popularity and potential to manipulate the user through ‘friend’ messages.
“Organised criminal units have a long history of timing their attacks to coincide with popular occasions in order to achieve maximum success. Valentine’s Day 2009 is a day that is similarly marked on the criminals’ calendar for targeted attacks.â€
Websense has warned of three key signs of fake sites: ‘Broken Hearts’ sites show colourful images such as puppy dogs or a picture of 12 pretty hearts and ask ‘Guess, which one is for you?’. The web page however is one big image and a single click from a tricked user commences the download of Trojans named “onlyyou.exe†or “youandme.exeâ€, which can connect to remote websites to receive commands and send information about the compromised system.
‘I am your friend’ uses social networking tricks to get users to visit fake sites, with Websense claiming that a popular technique at the moment is spam email pretending to originate from social networking sites – complete with love hearts and cartoon characters. Clicking through to the link would download a Trojan designed to steal log in credentials for banking sites.
Seventy per cent of the top 100 most popular websites either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious sites. Specially created malicious sites are in decline as cybercriminals switch to compromising ‘trusted’ websites. Websense claimed that as there is increased confidence in shopping and researching online - a lot of which happens whilst in the office – people are turning to the internet to order flowers, chocolates and other gifts and cybercriminals are compromising these sites and stealing data.
Leonard said: “The underground economy is positively flourishing as companies fail to keep up with security technology. Criminals are taking advantage of the growing number of Web 2.0 properties, which allows user generated content. More than ever we’re seeing websites injected with links to direct users to malicious and compromised sites.
“Since many email security systems lack web intelligence, spammers have also stepped up email campaigns which contain links to malicious web pages. It’s clear that businesses need security with real-time protection, but until this becomes the norm – cybercriminals will continue stealing data and breaking hearts.â€
source : http://www.hacking-news.com/
Leonard said: “The usual suspects have emerged as expected, with Valentine spam emails and Trojans. The public are becoming more aware of these and it is getting harder to trick people this way. Cybercriminals are also taking their efforts to social networks, given its rising popularity and potential to manipulate the user through ‘friend’ messages.
“Organised criminal units have a long history of timing their attacks to coincide with popular occasions in order to achieve maximum success. Valentine’s Day 2009 is a day that is similarly marked on the criminals’ calendar for targeted attacks.â€
Websense has warned of three key signs of fake sites: ‘Broken Hearts’ sites show colourful images such as puppy dogs or a picture of 12 pretty hearts and ask ‘Guess, which one is for you?’. The web page however is one big image and a single click from a tricked user commences the download of Trojans named “onlyyou.exe†or “youandme.exeâ€, which can connect to remote websites to receive commands and send information about the compromised system.
‘I am your friend’ uses social networking tricks to get users to visit fake sites, with Websense claiming that a popular technique at the moment is spam email pretending to originate from social networking sites – complete with love hearts and cartoon characters. Clicking through to the link would download a Trojan designed to steal log in credentials for banking sites.
Seventy per cent of the top 100 most popular websites either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious sites. Specially created malicious sites are in decline as cybercriminals switch to compromising ‘trusted’ websites. Websense claimed that as there is increased confidence in shopping and researching online - a lot of which happens whilst in the office – people are turning to the internet to order flowers, chocolates and other gifts and cybercriminals are compromising these sites and stealing data.
Leonard said: “The underground economy is positively flourishing as companies fail to keep up with security technology. Criminals are taking advantage of the growing number of Web 2.0 properties, which allows user generated content. More than ever we’re seeing websites injected with links to direct users to malicious and compromised sites.
“Since many email security systems lack web intelligence, spammers have also stepped up email campaigns which contain links to malicious web pages. It’s clear that businesses need security with real-time protection, but until this becomes the norm – cybercriminals will continue stealing data and breaking hearts.â€
source : http://www.hacking-news.com/
Subscribe to:
Posts (Atom)
