Monday, February 11, 2008

This May Be Bad For Business

If a tire shop sold radials that blew out a mile down the road, that would be bad, right? Or a restaurant that gave you food poisoning? How about an antivirus vendor that gave you a virus?

AvSoft Technologies, a New Delhi company, got hacked and was installing malicious software on visitors' computers.

The download section of AvSoft's S-cop Web site was hit with bad code with a technique has been used in thousands of similar hacks over the past few months: The attackers open an invisible iFrame Window within the victim's browser, which redirects the client to another server. That server, in turn, launches attack code that attempts to install malicious software on the victim's computer.

The malicious software is a variant of the Virut virus family, in case you’re a nerd who knows about that stuff. Nerd out further on this: The iFrame pages are commonly used by Web developers to insert content into their Web pages, but because it is possible to create an invisible iFrame window, the technology is often misused by hackers as a way to silently redirect victims to malicious Web sites. Hmmm, a known problem that got exploited…what are the chances of that?

AvSoft sells an antivirus product called SmartCOP and has sold a second antivirus product called Smartdog. The company, which is not well-known in the U.S. (for now obvious reasons), also specializes in recovering data lost due to virus attacks.

Naturally, the company could not be reached for comment.

No comments: