Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Hacking

Kaspersky – Unvalidated redirection flaw exploitable to serve malware

The cyber Security Analyst Consultant at Q-CERT Ebrahim Hegazy has found an “Unvalidated Redirection Vulnerability” in the website of the giant security solutions vendor “Kaspersky”. Ebrahim Hegazy (@Zigoo0) has found an “Unvalidated Redirection Vulnerability” in the website of the giant security solutions vendor “Kaspersky”. Ebrahim Hegazy is the cyber Security Analyst Consultant at Q-CERT who found a SQL […]

Kaspersky – Unvalidated redirection flaw exploitable to serve malware

The cyber Security Analyst Consultant at Q-CERT Ebrahim Hegazy has found an “Unvalidated Redirection Vulnerability” in the website of the giant security solutions vendor “Kaspersky”.

Ebrahim Hegazy (@Zigoo0) has found an “Unvalidated Redirection Vulnerability” in the website of the giant security solutions vendor “Kaspersky”.
Ebrahim Hegazy is the cyber Security Analyst Consultant at Q-CERT who found a SQL Injection in “Avira” website last month, this time he found a Unvalidated Redirection Vulnerability that could be exploited for various purposes such as:
  • Cloned websites (Phishing pages)
  • It could also be used by Black Hats for Malware spreading
In the specific case what is very striking is that the link usable for the attacks is originated by a security firm like Kasperky with serious consequences.
Would you trust a link from your security vendor? Absolutely Yes!
But imagine your security vendor is asking you to download a malware!
To explain how dangerous the situation is when your security vendor is vulnerable, Ebrahim Hegazy sent me a video explaining the malware spreading scenario to simulate a Black Hat’s exploiting Unvalidated Redirection Vulnerability in Kaspersky website to serve a malware.
Unvalidated redirection on Kaspersky
“Since I’m working on Cyber security analysis, I’ve seen many methods of black-hats to spread links, maybe this link is for Exploit kits, Java Applet, flash exploits, or maybe a direct link to their EXE file. Let’s take an example on the Facebook spreading techniques of the attackers, you may notice that “Mediafire” website was used lately in wide Malware spreading attack on Facebook.com,Which caused a wide infection, as the infected user will start to send links from Mediafire.com to his friends and since “Mediafire” is a trusted website/source  for users so they simply click it and download the file!

But what if the links are coming from a very well known Security solutions vendor such as Kaspersky? For sure people will trust the links. So, through “Unvalidated Redirection Vulnerability” in Kaspersky, attackers will be able to spread a link coming from Kaspersky.com but when the user clicks on that link, he will get redirected to the attacker’s website which would download at Malware on their machines or even download a “Rogue Antivirus” to steal financial information such as credit card information!” explained Ebrahim Hegazy.

After the researcher reported the vulnerability to Kaspersky team, it took about 2 months to fix the vulnerability, it is really a long time considering that if a hacker had found this flaw before Hagazy he could spread links using Kaspersky.com.

The consequences of unfixing of such vulnerability are critical

  • Wide infection – since the redirection is coming from a trusted source especially if the attacker registered a domain name similar to Kaspersky.com
  • Very bad reputation for Kaspersky company.
  • Your most trusted resource “Your Antivirus” will be your worst enemy! Would you trust anything else!
And many other consequences.
The vulnerability was reported to Kaspersky web-team and is now fixed.

Pierluigi Paganini

(Security Affairs – Poison Ivy , cybercrime, cyberespionage)