The Register® — Biting the hand that feeds IT

Feeds

Hackers seed malware on Indian anti-virus site

Who guards the guards?

By John Leyden, 8th February 2008
  • print
  • alert

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

Hackers planted malicious script on the site of an Indian anti-virus firm this week. The website of AVsoft Technologies was attacked by unidentified miscreants in order to distribute a variant of the Virut virus.

AVsoft Technologies makes the SmartCOP antivirus package. One of the download pages of the site was boobytrapped with malicious code that used the infamous iFrame exploit to push copies of the Virut virus onto visiting unpatched (or poorly patched) Windows PCs.

The technique is a popular method for turning the websites of legitimate organisations in sites for drive-by malware downloads. Virut opens up a backdoor on infected PCs, allowing hackers to download and run other malware (or anything else they fancy) onto infected computers.

The compromise of AVsoft's site came to light via a post on a full disclosure mailing list on Thursday. It's unclear whether of not AVsoft has since purged its site (which remains available) of nasties. ®

Agentless Backup is Not a Myth

COMMENTS

House Rules Send Corrections
All Reader Comments (6)
Latest Comments
Philip

Paranoid

Is this perhaps the first attempt to infiltrate an AV vendor’s development environment and leave a legacy for years to come?

0
0
Anonymous Coward

It looks like a virus, smells like a virus....

Bah!

Adopt the Glock internet security model; a Glock does not have a safety, you pull the trigger or you don't.

0
0
Steve Roper

And the obligatory conspiracy theory...

...is that this was the work of US-based antivirus companies like Trend or McAffee, who could have sabotaged the site in protest at these third-world countries stealing all the programming jobs and working for 5c per hour. Or simply to discredit a foreign rival. Or something.

Mine's the one with the tinfoil beanie, poncho, gauntlets, facemask, leggings and socks...

0
0

More from The Register

breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
133
breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
Flash flaw potentially makes every webcam or laptop a PEEPHOLE
But it's a Google problem - Chrome only, insists Adobe
60
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
breaking news
Yahoo! joins! rivals! in! PRISM! data! request! admission!
Keep calm and carry on using American tech firms, folks
41
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
'BadNews is malware' says outfit that found it
Google says code harmless but Lookout says code base is evolving
15