Kaspersky’s antivirus software made it possible for websites to track users for many years. The software injected JavaScript code on every website in every browser on a test laptop.

The German journalist Ronald Eikenberg discovered this from ct. The JavaScript also contained an ID number that was replicated on every page rendered on a machine. On other PCs, the ID number changed.

The ID number was always replicated, even if the incognito mode was used or if cookies were deleted. That ID number can be read by other scripts that run in the context of the website. This allows any website to read the ID number and use it to track someone.

Reaction Kaspersky

Eikenberg reported his findings to Kaspersky. According to him, the company reacted quickly and said it would investigate the problem. Two weeks later, the study was completed and it turned out that the problem affected all consumer versions of Kaspersky software for Windows. In addition, the problem was in Small Office Security.

The leak appeared in the 2016-editions of the software, which came on the market in the autumn of 2015. In June, a security patch for the problem appeared for all affected software. Kaspersky also published a security advisory to inform users of the problem.

Problem not completely solved

Eikenberg installed the patch on his test computer and discovered that the problem was not completely solved. The software still puts a script with an ID number in web pages, but the ID number is now identical for all users of a specific edition of Kaspersky.

A website can no longer follow individual users, but it can see if someone has installed Kaspersky software and how old the software is.

According to the journalist, this is valuable information for an attacker, because it can be used to spread malware that is tailored to the specific software. The browser can also be redirected to a matching scam page.

Turning off the function

It is possible to disable the function completely in Kaspersky’s software. You can do this by clicking on the cog at the bottom left of the general screen. The function can be found in Additional/Network, in the form of a checkbox with the text Inject script into web traffic to interact with web pages under Traffic Processing.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.