Hacked Kaspersky server deploys scareware
Last Sunday, for almost four hours, the US site of anti-virus vendor Kaspersky (kasperskyusa.com) deployed scareware on visitors' computers. When asked about the incident by the media, Kaspersky confirmed that it was indeed attacked. Users trying to download anti-virus products were redirected to an external page that pretended to perform a virus scan in a bogus "Windows Explorer" browser window. The page also tried to simulate an infection and scare visitors into downloading a program.
Kaspersky said that it took its server off-line shortly after being informed about the intrusion. However, in the forums, users reported that Kaspersky initially denied the incident and considered it the result of phishing attacks on users who had followed specially crafted links. It's unknown how many users downloaded and installed the scareware.
The criminals apparently managed to compromise the site via a vulnerable server component. Kaspersky said that the hole has since been fixed and that the restored servers are back in operation. The vendor reportedly audited all the servers in the domain. Kaspersky also said that no customer details were stolen in the attack.