Unvalidated Redirection Vulnerability in Kaspersky website has found by security expert Ebrahim Hegazy, Cyber Security Analyst Consultant at Q-CERT.
According to Ebrahim blog post, the “Unvalidated Redirection Vulnerability” in the website of the well known Antivirus and Internet Security software developer Kaspersky could be used by attackers to trick Kaspersky.com users into visitng Malicious web-sites!
After the researcher reported the vulnerability to Kaspersky team, it took about 2 months to fix the vulnerability. The vulnerability was reported to Kaspersky web team and now it is fixed.
The video bellow demonstrates how to simulate a black-hat method to use this vulnerability to spread a Malware.
Originally posted at Internet Security Magazine