The cyber Security Analyst Consultant at Q-CERT Ebrahim Hegazy has found an “Unvalidated Redirection Vulnerability” in the website of the giant security solutions vendor “Kaspersky”.
Ebrahim Hegazy (@Zigoo0)
has found an “Unvalidated Redirection Vulnerability” in the website of
the giant security solutions vendor “Kaspersky”.
Ebrahim Hegazy is the cyber Security Analyst Consultant at Q-CERT who found a SQL Injection in “Avira”
website last month, this time he found a Unvalidated Redirection
Vulnerability that could be exploited for various purposes such as:
- Cloned websites (Phishing pages)
- It could also be used by Black Hats for Malware spreading
In the specific case what is very striking is that the link usable
for the attacks is originated by a security firm like Kasperky with
serious consequences.
Would you trust a link from your security vendor? Absolutely Yes!
But imagine your security vendor is asking you to download a malware!
To explain how dangerous the situation is when your security vendor
is vulnerable, Ebrahim Hegazy sent me a video explaining the malware
spreading scenario to simulate a Black Hat’s exploiting Unvalidated
Redirection Vulnerability in Kaspersky website to serve a malware.
“Since I’m working on Cyber security analysis, I’ve seen many methods of black-hats to spread links, maybe this link is for Exploit kits, Java Applet, flash exploits, or maybe a direct link to their EXE file. Let’s take an example on the Facebook spreading techniques of the attackers, you may notice that “Mediafire” website was used lately in wide Malware spreading attack on Facebook.com,Which caused a wide infection, as the infected user will start to send links from Mediafire.com to his friends and since “Mediafire” is a trusted website/source for users so they simply click it and download the file!
But what if the links are coming from a very well known Security solutions vendor such as Kaspersky? For sure people will trust the links. So, through “Unvalidated Redirection Vulnerability” in Kaspersky, attackers will be able to spread a link coming from Kaspersky.com but when the user clicks on that link, he will get redirected to the attacker’s website which would download at Malware on their machines or even download a “Rogue Antivirus” to steal financial information such as credit card information!” explained Ebrahim Hegazy.
- Wide infection – since the redirection is coming from a trusted source especially if the attacker registered a domain name similar to Kaspersky.com
- Very bad reputation for Kaspersky company.
- Your most trusted resource “Your Antivirus” will be your worst enemy! Would you trust anything else!
And many other consequences.
The vulnerability was reported to Kaspersky web-team and is now fixed.
The post Kaspersky – Unvalidated redirection flaw exploitable to serve malware appeared first on Security Affairs.
No comments:
Post a Comment