Russian security firm Kaspersky has fallen victim to the cyber criminals it tries to protect users against.
The company's website - which sells anti-virus software - has admitted it was compromised in an attack on Sunday. Hackers altered the Kaspersky web site such that users trying to download Kaspersky's software were instead redirected to sites loaded with malware.
When duped users reached the destination, they were encouraged to download fake anti-virus software which could compromise their data security.
After initially denying reports posted on online forums, Kaspersky representatives confirmed that attackers had exploited a vulnerability in a third party application used for administrating the security vendor's website.
The company claimed the redirection to the fake anti-virus site only lasted three-and-a-half hours. Further, Kaspersky claimed the affected server was taken offline within ten minutes of being notified.
"Currently the server is secure and fully back online, and Kaspersky products are available for download," the firm said in a statement.
"Kaspersky Lab also wants to confirm that no individual's details were compromised from the company's web servers during this attack.
"Kaspersky Lab takes any attempt to compromise its security seriously. Our researchers are currently working on identifying any possible consequences of the attack for affected users, and are available to provide help to remove the fake antivirus software."
Writing about the incident on his blog, Rik Ferguson, senior security advisor at rival firm Trend Micro said that security vendors "have often been the target of both malicious and mischievous hackers and without fail, honesty and transparency have always been the best policy in the aftermath of such an event."
(Editing by Brett Winterford).
Copyright © ITPro, Dennis Publishing
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.