Kaspersky.com Unvalidated Redirection Vulnerability.

10105.gif

Would you trust a link from your security vendor? Absolutely Yes! But imagine your security vendor is asking you to download a malware!

During my researches on Kaspersky.com I found “Unvalidated Redirection Vulnerability ” that could be used by attackers to trick Kaspersky.com users into visitng Malicious web-sites!

To demonstrate the impact of such vulnerabilities I made a video to simulate a black-hat method to use this vulnerability to spread a Malware.

Video POC:

The consequences of unfixing of such vulnerability are critical
  • Wide infection – since the redirection is coming from a trusted source especially if the attacker registered a domain name similar to Kaspersky.com
  • Very bad reputation for Kaspersky company.
  • Your most trusted resource “Your Antivirus” will be your worst enemy! Would you trust anything else!
And many other consequences. The vulnerability was reported to Kaspersky web-team and is now fixed.

Leave a reply