Would you trust a link from your security vendor? Absolutely yes! But imagine your security vendor asking you to download malware!
During my research on Kaspersky.com I found an “Unvalidated Redirection” vulnerability that could be used by attackers to trick Kaspersky.com users into visiting malicious websites!
To demonstrate the impact of such vulnerabilities, I made a video simulating a black-hat method of using this vulnerability to spread malware.
Video POC:
The consequences of leaving such a vulnerability unfixed are critical:
- Wide infection – since the redirection comes from a trusted source, especially if the attacker has registered a domain name similar to Kaspersky.com
- Very bad reputation for the Kaspersky company.
- Your most trusted resource, “Your Antivirus”, will be your worst enemy! Would you trust anything else?
And many other consequences. The vulnerability was reported to the Kaspersky web team and is now fixed.
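
As an added example (not from the original post and not Kaspersky's code), the check below shows how a redirect endpoint can validate its target on the server so that lookalike hosts are refused, with a weak substring check beside it for contrast. The host names, `ALLOWED_HOSTS`, `FALLBACK` and both function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist (constructed host names, not taken from the post).
ALLOWED_HOSTS = {"www.vendor.example", "support.vendor.example"}
FALLBACK = "/"


def naive_is_allowed(target: str) -> bool:
    """Weak check for contrast: substring match passes lookalike hosts."""
    return "vendor.example" in target


def safe_redirect_target(target: str) -> str:
    """Return target if it is a local path or an allowlisted https URL, else FALLBACK."""
    # Reject empty input, control characters, spaces and backslashes,
    # which browsers and URL parsers normalise differently.
    if not target or any(ord(c) <= 0x20 or c in "\\\x7f" for c in target):
        return FALLBACK
    try:
        parts = urlsplit(target)
    except ValueError:
        return FALLBACK
    if not parts.scheme and not parts.netloc:
        # Same-site path only: "/x" is fine, "//host/x" is scheme-relative.
        return target if target.startswith("/") and not target.startswith("//") else FALLBACK
    if parts.scheme != "https" or "@" in parts.netloc:
        return FALLBACK
    # Exact host match; suffix or substring matching would admit lookalikes.
    host = (parts.hostname or "").lower().rstrip(".")
    return target if host in ALLOWED_HOSTS else FALLBACK


if __name__ == "__main__":
    samples = [  # constructed inputs
        "/downloads/tool",
        "https://support.vendor.example/kb/1",
        "https://www.vendor.example.downloads.test/setup.exe",
        "https://www.vendor.example@downloads.test/",
        "//downloads.test/setup.exe",
        "http://www.vendor.example/",
    ]
    for s in samples:
        print(f"{s!r:60} naive={naive_is_allowed(s)!s:5} safe={safe_redirect_target(s)!r}")
```

The redirect handler would send the user to the returned value only, so any rejected target lands on the site's own front page instead of an external host.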