Russian security company Kaspersky Lab's Web site for Malaysia was defaced on Saturday along with one of its online shopping sites, according to Zone-H, an organization that documents such attacks.
The attacker, nicknamed "m0sted," wrote that the site was compromised through SQL injection, wrote Roberto Preatoni on a Zone-H posting.
The attack involves inputting code into a form on a Web page in an attempt to get the back-end database to respond. It can enable the hacker to gain control over the Web site.
Kaspersky has since locked down the site, which is apparently running Microsoft's Internet Information Services Web server. The site is no longer open to the public and requires a user name and password for access.
Images of the hack posted on Zone-H show repeated subjects in the left-hand news section reading "hacked by m0sted and amen Kaspersky Hax0red No War." Other secondary pages were also compromised, Preatoni wrote...
The hacker hacks the website without authorize permission and enable the hacker to gain control over the Web site. It causes the site to no longer open to the public and requires a user name and password for access. Although the attacks appear to be just vandalism, but there could be more serious risks because it is possible for an attacker to upload malicious software labeled as Kaspersky's software. This creates problems to user who were tricked by downloading the software and affected by it which will harm the computer system causing it to be error. Furthermore, hackers which inserted malicious software such as “key loggers” will obtain the information u keyed in and will abuse and use for their own their advantage.
No comments:
Post a Comment