Filed under: Security
It hasn't been smooth sailing for security vendor Kaspersky Labs over the last few years. Back in 2008, the company's Malaysian website was defaced by a Turkish hacker via an SQL injection. In 2009, their U.S. support site was compromised — again by the use of an SQL injection.
Following the second breach, Kaspersky's Roel Schouwenberg lamented, “This is not good for any company, and especially a company dealing with security.” He's sure right about that. It's about as bad as things could get for an anti-malware provider… Right?
Well, almost. There is one possible scenario which is slightly worse: having your legitimate, well-known security site hacked so that it redirects potential downloaders to malicious software instead. And that's exactly what happened.
Kaspersky denied the hack and redirect at first, but this is the kind of thing that's a little hard to cover up in 2010. Reports sprang up on their own forums and across the Internet, and Kaspersky eventually fessed up. They later offered an official statement:
Kaspersky Lab takes any attempt to compromise its security seriously. Our researchers are currently working on identifying any possible consequences of the attack for affected users, and are available to provide help to remove the fake antivirus software
Identifying the attacker and potential risk to your clients sounds like a good idea. You know what else might be a good idea? Securing your own servers so this doesn't happen again.
photo by flickr user pvera
Kaspersky has its own security breached yet again
Fuente: Download Squad