Thursday, 5 September 2013

Hacker reported vulnerability in Kaspersky website; Demonstrated malware spreading technique

The cyber Security Analyst  'Ebrahim Hegazy' (@Zigoo0) Consultant at Q-CERT has found an "Unvalidated Redirection Vulnerability" in the website of the giant security solutions vendor "Kaspersky".

Ebrahim, who found a SQL Injection in "Avira" website last month, this time he found a Unvalidated Redirection Vulnerability that could be exploited for various purposes such as:


  • Cloned websites (Phishing pages)
  • It could also be used by Black Hats for Malware spreading
In the specific case what is very striking is that the link usable for the attacks is originated by a security firm like Kaspersky with serious consequences.

Would you trust a link from your security vendor? Absolutely Yes! But imagine your security vendor is asking you to download a malware!

No comments:

Post a Comment