Kaspersky’s official site hijacked, used to distribute malware

After being compromised, Kaspersky Labs US site started offering users malicious software.

No security product from Kaspersky Labs is directly responsible, but the issues encountered on their official US site will surely see them red faced. Last Sunday, the site displayed a promotion for a fake antivirus in their download section after the site was hijacked by cybercriminals.

Alerted by their antivirus systems, users quickly reported the problem in forums. Kaspersky Labs initially had doubts about these reports, but on Tuesday confirmed their authenticity.

In a press release, the Russian developer explained that the exploitation of a vulnerability in a third party application had compromised the domain name kasperskyusa.com. Users who tried downloading products were redirected to a malicious site. This is a classic move, with a pop up window in Windows XP appearing, displaying an alleged ongoing antivirus scan. This then led users to install a fake antivirus.

The redirections were in place for three and a half hours on Sunday. Once the vulnerability was detected, Kaspersky Labs confirmed that they undertook the required actions to correct the problem. Cleaning their servers to remove vulnerable components, at the same time an audit was conducted on all of Kaspersky Labs domains were performed.

This isn’t the first time that Kaspersky Labs US site has been hijacked through the exploitation of a vulnerability. A similar occurrence was noted at the beginning of 2009 when an SQL injection attack was witnessed. Generally, antivirus developer’s websites are the target of cybercriminals, with any hijack then being used to deploy fake software. When a hijacking attempt is successful, it is then often imitated.