Oh great, this is all we need. Kaspersky Lab, a big antivirus software company, has been hacked, according to the Register. That seems to be the conclusion based on evidence posted on HackersBlog yesterday.
The hacker apparently launched a simple attack (SQL injection) that gave access to a database containing “users, activation codes, lists of bugs, admins, shop, etc.” Dan Goodin at the Register reports that this kind of attack has happened a few dozen times at Kaspersky since 2000.
That’s pretty bad PR for Kaspersky, whose job it is to protect us all from malicious hackers. If they can’t keep their own data safe and secure, are you going to trust them with yours? That’s always been the case in the antivirus and security software industry. Hackers love to embarrass the people who are out to stop them in their tracks.
[update] A Kaspersky spokesman sent the following comment:
On Saturday, February 7, 2009, a vulnerability was detected on a subsection of the usa.kaspersky.com domain when a hacker attempted an attack on the site. The site was only vulnerable for a very brief period, and upon detection of the vulnerability we immediately took action to roll back the subsection of the site and the vulnerability was eliminated within 30 minutes of detection. The vulnerability wasn’t critical and no data was compromised from the site.
Kaspersky’s site says it protects more than 250 million users worldwide. The company was founded in 1997. The company frequently warns of Internet-related dangers; in this release, it notes that one in every 50 Internet sites is infected with malicious code.
The larger problem isn’t that Kaspersky got hacked. It’s just happening to everybody.
[Update 2, Monday AM] The company’s support site was exposed for about ten days to this vulnerability, Kaspersky said in a call today. Roel Schouwenberg, senior anti-virus researcher at Kaspersky, said honestly that this will hurt the reputation of the company and it will do everything it can to protect itself. He said that the company partnered with an external vendor who custom-developed some code for the company. The vulnerability was in that external vendor’s code. The company said it has hired outside help to investigate the matter.