AvSoft Technologies website hacked
In what must be quite an embarrassing episode, Indian anti-virus company AvSoft Technologies has had its website hacked. Rather than offering protection from viruses, the site started downloading a virus to users' machines.
AvSoft is a little-known security company, offering two main products, SmartCOP and SmartDOG. It also offers a service for recovering data after a virus attack has occurred
The infiltration has been identified by third-party security researchers, including Roger Thompson, chief research officer at AVG. The vulnerability has been exploited on the download page of the AvSoft S-Cop site and manages to open an invisible window, which loads to an alternative server and downloads the malicious software�all without the user's knowledge.
Thompson commented:
They let one of their pages get hit by an iFrame injection � It shows that anyone can be a victim�. It's hard to protect Web servers properly.
The attack is known as an iFrame injection, and the software used is of the Win32/Virut family. How the malicious code got on to the site has not yet been clarified, since AvSoft hasn't yet commented on the matter. Dave Marcus, McAfee Security Research Manager, believes it may just come down to programmer error in the SQL or PHP code used on the site.
In what must be quite an embarrassing episode, Indian anti-virus company AvSoft Technologies has had its website hacked. Rather than offering protection from viruses, the site started downloading a virus to users' machines.
AvSoft is a little-known security company, offering two main products, SmartCOP and SmartDOG. It also offers a service for recovering data after a virus attack has occurred
The infiltration has been identified by third-party security researchers, including Roger Thompson, chief research officer at AVG. The vulnerability has been exploited on the download page of the AvSoft S-Cop site and manages to open an invisible window, which loads to an alternative server and downloads the malicious software�all without the user's knowledge.
Thompson commented:
They let one of their pages get hit by an iFrame injection � It shows that anyone can be a victim�. It's hard to protect Web servers properly.
The attack is known as an iFrame injection, and the software used is of the Win32/Virut family. How the malicious code got on to the site has not yet been clarified, since AvSoft hasn't yet commented on the matter. Dave Marcus, McAfee Security Research Manager, believes it may just come down to programmer error in the SQL or PHP code used on the site.