
Kaspersky hit with SQL injection

Andrew Lyle on 11 February 2009 - 04:30 · 19 comments & 7051 views

A group of Romanian hackers sent Kaspersky an email warning that an attack was imminent, and the attack did in fact take place 1 hour after the email was sent. The attack was a SQL injection against the company's database, but it did not extract any real data, because the hackers were not advanced enough to do so.

An obviously embarrassed Kaspersky, an anti-virus and Internet security software developer, was ashamed that its web site was breached. The attack made an SQL injection on the newly launched US web site, which could ruin the company's reputation in the market of Internet security. Hackers using the SQL injection could have deleted or displayed data from the database by injecting unauthorized characters into queries sent to the database.

Kaspersky has said that if the hackers had been more advanced, they could have stolen more than 2,500 email addresses with activation codes for its new products. Kaspersky is still unclear about what the motives behind the attack were, and is investigating the matter.

Comments
(1 reply) #1 +tunafish on 11 Feb 2009 - 09:11
That is just embarrassing
#1.1 XerXis on 11 Feb 2009 - 12:33
tunafish said,
That is just embarrassing


even more so because SQL injections are inexcusable and very easy to avoid
#2 Chaks on 11 Feb 2009 - 09:16
Kaspersky is my best anti-virus/internet security for Windows, I am sure things won't be bad for Kaspersky
(2 replies) #3 cork1958 on 11 Feb 2009 - 09:28
They ALL get hit with something every once in a while. Kaspersky will be on this like flies on doo doo!!
#3.1 Mav Phoenix on 11 Feb 2009 - 10:21
Have other security companies been hacked before? This is the first to my knowledge but I don't really know.
#3.2 +Xerxes on 11 Feb 2009 - 22:23
Yeah there have, I'm pretty sure Trend Micro was hacked a few years ago as well. It happens to everyone, nothing is 100% safe.
#4 Elite_graphix on 11 Feb 2009 - 10:02
were they using MS SQL ?

why not get a cisco IPS device and stop the sql attack attempts in its tracks..?
#5 SH3K0 on 11 Feb 2009 - 10:05
Sooner or later every security device inevitably gets hacked.
(1 reply) #6 mclaren05 on 11 Feb 2009 - 14:17
Do I really have to say it? I guess so....


NOD32 FTW.
#6.1 BilliShere on 12 Feb 2009 - 00:48
LOL! yesss... nod 32 rulezzzzz!
#7 SimNet on 11 Feb 2009 - 14:20
It's a-okay! Norton's been this way as well! When Norton Got Blowed!

An Antivirus company that gets its networks infected by a virus that is ...

For the motive you ask?

#8 ajua on 11 Feb 2009 - 14:30
The attack made an SQL injection on the newly launched US web site, which could ruin the company's reputation in the market of Internet security.

Why overreact like this? I mean, nowadays it is safe to say that no one is 100% secured against any kind of attacks.

I do agree that SQL injection attacks are avoidable.
#9 Airlink on 11 Feb 2009 - 19:52
Nobody's perfect.
Remember: There's no such thing as perfect security.
#10 indiansboy94 on 11 Feb 2009 - 20:04
Very embarrassing!
(1 reply) #11 RealFduch on 11 Feb 2009 - 21:35
Yo! Cool people using cool languages of frrrreeedom.
Cool people having complete control over their cool MySQL queries they write in their Emacs.

So cool.
#11.1 XerXis on 11 Feb 2009 - 23:31
RealFduch said,
Yo! Cool people using cool languages of frrrreeedom.
Cool people having complete control over their cool MySQL queries they write in their Emacs.

So cool.


wtf are you on?
#12 Albert on 12 Feb 2009 - 01:32
good one.

it's good to see someone keeping them on their toes. nothing beats a humbled and humiliated anti-virus developer.

look how much good it did to symantec ...

btw, this won't stop me from renewing my kaspersky licence next month when mine expired.
#13 tester.br on 12 Feb 2009 - 04:14
I'm tired of repeating it: "Kaspersky SUCK"

preaky app ... besides resource HOG.

NOD32 is the way !
#14 tareqf1 on 13 Feb 2009 - 04:37
nod32 missed virus that even Avast detect. I was using ESET 4 smart security.
kaspersky is resource hog, so I switched into NAV09.
