Since more independent software makers are including this feature into their applications, it wouldn’t be a stretch of the mind to think that their website has some security holes which could allow an attacker to take control of the webserver with a shell script or something similar.

Now say an attacker has uploaded a php script that takes advantage of the shell and even uses a list of php functions to help his attack. If the software is hosted on the same server, the attacker could then find out how the software checks for updates and trick the application to think that there is a new version and point the download location to where his malware is hosted. Now the end user thinks there is a new version, downloads it and now he has a virus on his machine.

With more and more applications including this feature, it would be possible to find an application that is hosted on a shared hosting environment, and even if their website has no security faults an attacker could potentially perform the same attack but was able to get his/her shell script onto the server through another website hosted on the same machine.

Now it will be interesting to see over the next couple of years to see how common this becomes, and its definitely not a stretch of the imagination that this could happen to a large company as Kaspersky was recently hacked through an sql injection on their website.

So what they did was transfer the man’s number over to an unknown carrier, and then transfered the money and wollah they now have the SMS code since they took control of his phone. Unfortunally there wasn’t much information about the attack, but I would have to think they would of had alot of personal information already to succesfully pull of the hack. Still it is something to think about on possiable hacking methods.