Kaspersky site hacked and redirecting users to fake AV

If you visited Kaspersky’s web site or tried to download from it yesterday, please check whether your computer was infected. Their web site was hacked and their download pages were redirecting users to a fake AV (malware) page.

The malware was getting loaded from http://77.78.246.143, which is already blacklisted by Google:

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, 77.78.246.0 appeared to function as an intermediary for the infection of 46 site(s) including mygidoctors.com/, bruyereu.eu/, bitterpiecomix.com/.

Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 1941 domain(s), including franchesco.kwik.to/, soloingenieria.net/, marchex.com/.

Users are complaining about it in their forums, but Kaspersky has not released an official statement about it:

http://forum.kaspersky.com/index.php?showtopic=189198
http://www.calendarofupdates.com/updates/index.php?showtopic=32851

Update: Kaspersky confirmed the incident to itpro.co.uk: http://www.itpro.co.uk/627817/updated-kaspersky-hit-by-cyber-criminals

It shows that even security companies are not immune to these types of attacks. Hopefully they will post an update soon.

About David Dede

David Dede is a Security Researcher in the SucuriLabs group. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.