Friday, 8 February 2008

Anti-virus website infected with virus

An anti-virus company's website has been hacked and used to download malicious software to visitors' computers.

The old advice that warns you to steer away from the dangerous parts of the internet, and to visit only trusted sites, has been out of date for some time. Criminals like to hack websites that belong to legitimate organisations so that PCs belonging to innocent and trusting visitors download malware.

Now the website run by New Delhi-based anti-virus company AvSoft Technologies has been compromised, according to NetworkWorld.com. Its report claims that a researcher from another anti-virus company discovered the ploy. It quotes AVG's chief research officer Roger Thompson as saying, "the download section of AvSoft's S-cop Web site hosts the malicious code."

"The technique used on the site has been seen in thousands of similar hacks over the past few months. The attackers open an invisible iFrame Window within the victim's browser, which redirects the client to another server. That server, in turn, launches attack code that attempts to install malicious software on the victim's computer."

This is not only embarrassing to the security company, but it illustrates clearly the point that trust-worthy sites can be just as dangerous as the dark, spyware-laden corners of the web where, frankly, visitors get what they deserve.