Kaspersky’s USA download site was hacked.
For three and a half hours on Sunday, it has been providing download links that redirected users to a malicious web page where windows telling them their computer was infected were popping up and they were encouraged to buy a fake AV solution.
The fact was noted by various users on three separate forums. Among those was Kaspersky’s own forum, and judging by the comment left by someone with the username “Micha” who appears to be an employee of the security firm stationed in Japan, the problem was solved.
According to ITPro, the incident was first denied, then confirmed by Kaspersky. They say that they took the server offline as soon as they found out about the breach, that the compromise was caused by a vulnerability in a third party application for website administration and that customer details contained on company servers were not compromised.
“Kaspersky Lab takes any attempt to compromise its security seriously. Our researchers are currently working on identifying any possible consequences of the attack for affected users, and are available to provide help to remove the fake antivirus software,” they stated in the statement for the press.
Compromising legitimate pages is a favorite tactic used by malware peddlers, since they are usually better positioned in search results than brand new ones. Whether this instance of compromising a website of a security firm will mark the beginning of a trend, only time can tell.