The bad news is that users might have been exposed to cross-site tracking even if they have blocked or deleted cookies.

The vulnerability was discovered by the security researcher Ronald Eikenberg; it resides in the URL scanning module of the antivirus software, called Kaspersky URL Advisor.

The Kaspersky Internet security solution injects a remotely-hosted JavaScript file directly into the HTML code of every web page visited by its users to check if the page is blacklisted for some reason (i.e. the page belongs to a list of phishing web domains).

Analyzing the URL of the JavaScript file, Eikenberg discovered that it contained a string unique to every Kaspersky user, which could be used to track that user. The string could easily be used by websites, advertising, and analytics services to track users online.

“My first examination of Kaspersky’s script main.js showed me that, among other things, it displays green icons with Google search results if Kaspersky believes the relevant link to lead to a clean website.” reads the post published by the expert. “This could have been the end of my analysis, but there was this one small detail: The address from which the Kaspersky script was loaded contained a suspicious string: 9344FDA7-AFDF-4BA0-A915-4D7EEB9A6615/main.js The part marked bold has a characteristic pattern. The structure matches a so-called Universally Unique Identifier (UUID). These IDs are used to make things, well, uniquely identifiable.”

Eikenberg installed the Kaspersky antivirus software on other computers and discovered that the UUID in the source address was different on each of them. He also noticed that the IDs were persistent and did not change over time. This means that the ID was permanently associated with each system running Kaspersky Antivirus.

“Other scripts running in the context of the website domain can access the entire HTML source any time, which means they can read the Kaspersky ID. In other words, any website can read the user’s Kaspersky ID and use it for tracking. If the same Universally Unique Identifier comes back, or appears on another website of the same operator, they can see that the same computer is being used.” continues the post. “If this assumption is correct, Kaspersky has created a dangerous tracking mechanism that makes tracking cookies look old. In that case, websites can track Kaspersky users, even if they switch to a different browser. Worse yet, the super tracking can even overcome the browser’s incognito mode.”

Eikenberg reported the issue to Kaspersky, which addressed it in July. Now the same value (FD126C42-EBFA-4E12-B309-BB3FDD723AC1) is assigned for all users.

“Kaspersky has fixed a security issue (CVE-2019-8286) in its products that could potentially compromise user privacy by using unique product id which was accessible to third parties.” reads the advisory published by Kaspersky. “This issue was classified as User Data disclosure. The attacker has to prepare and deploy a malicious script on the web servers from where he will track the user.”

Experts pointed out that the Kaspersky URL Advisor feature still allows checking whether a visitor has Kaspersky Antivirus software installed on their computer, information that could be used by scammers in various ways.

“That is actually valuable information to an attacker. They may use that information to distribute malware tailored to the protection software, or to redirect the browser to a suitable scamming page.” concludes the expert. “Imagine something along the lines of ‘Your Kaspersky license has expired. Please enter your credit card number to renew your subscription’. Of course I have reported this problem to Kaspersky as well.”
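A defensive check for the injected-script behaviour described in this article, as an added example that is not code from the article or from Kaspersky: it scans saved page source, captured on a machine you administer, for a script URL of the form `<UUID>/main.js` and reports whether the ID is the shared post-fix value or a per-install value that recurs across sites. The host `scanner.example.invalid`, the site names and the sample pages are constructed for illustration.

```javascript
// Added example: audit saved page source for a UUID-bearing injected script URL.
// Value the article says is now assigned to all users after the fix.
const SHARED_ID = "FD126C42-EBFA-4E12-B309-BB3FDD723AC1";

const SCRIPT_SRC = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
const UUID_MAIN =
  /\/([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})\/main\.js(?:[?#]|$)/i;

// Return every UUID found in a "<UUID>/main.js" script src within one page.
function findInjectedIds(html) {
  const ids = [];
  for (const m of html.matchAll(SCRIPT_SRC)) {
    const hit = UUID_MAIN.exec(m[1]);
    if (hit) ids.push(hit[1].toUpperCase());
  }
  return ids;
}

// captures: { siteName: htmlSource }. Groups IDs by the sites they appeared on.
function auditCaptures(captures) {
  const seen = new Map(); // id -> Set of site names
  for (const [site, html] of Object.entries(captures)) {
    for (const id of findInjectedIds(html)) {
      if (!seen.has(id)) seen.set(id, new Set());
      seen.get(id).add(site);
    }
  }
  return [...seen].map(([id, sites]) => ({
    id,
    sites: [...sites].sort(),
    verdict: id === SHARED_ID ? "shared-constant"          // patched behaviour
      : sites.size > 1 ? "cross-site-identifier"           // same ID on several sites
      : "unique-candidate",                                // needs a second capture
  }));
}

// Constructed sample captures (host name is a placeholder, not the real one).
const tag = (id) =>
  `<script src="https://scanner.example.invalid/${id}/main.js"></script>`;
const SAMPLE = {
  "shop.example": `<html><head>${tag("9344FDA7-AFDF-4BA0-A915-4D7EEB9A6615")}` +
                  `<script src="/static/app.js"></script></head></html>`,
  "news.example": `<html><head>${tag("9344fda7-afdf-4ba0-a915-4d7eeb9a6615")}</head></html>`,
  "patched.example": `<html><head>${tag(SHARED_ID)}</head></html>`,
};

console.log(JSON.stringify(auditCaptures(SAMPLE), null, 2));
```

A `cross-site-identifier` verdict on a supposedly updated installation means the per-install ID is still being exposed to page scripts.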