October 14th, 2010, 09:32 GMT · By

Spammers Hacked Machines from Microsoft's Network

Image caption: Microsoft machines compromised by spammers
Microsoft confirmed that two misconfigured servers located on its network were compromised and abused by a gang of Canadian pharmacy spammers.

The incident was reported by The Register two days ago, after receiving information from a California-based security researcher named Ronald F. Guilmette, who tracks spam operations.

According to Guilmette, 131.107.202.197 and 131.107.202.198, two IP addresses registered to Microsoft, were being used as authoritative name servers for over a thousand spam domains, since at least September 22.

Following the report, Microsoft launched an internal investigation and yesterday, Christopher Budd, its response manager for trustworthy computing, confirmed the compromises.

"We have completed our investigation and found that two misconfigured network hardware devices in a testing lab were compromised due to human error.

"Those devices have been removed and we can confirm that no customer data was compromised and no production systems were affected.

"We are taking steps to better ensure that testing lab hardware devices that are Internet accessible are configured with proper security controls," Mr. Budd said.

But, there is more to this story. Reputed information security investigative journalist Brian Krebs reports that one of the two Microsoft IP addresses was involved in a denial of service attack against his website on September 23.

According to him, the owner of his Web hosting provider, who is also a co-founder of the SURBL (Spam URL Blocklist) project, notified Microsoft about the possible compromise of its systems, hours after the attack.

It's not very clear why Microsoft failed to properly investigate the report at the time and allowed the abuse to continue on its network for another three weeks.

The websites promoted a rogue online pharmacy known as "Canadian Health&Care Mall," which is believed to be associated with a spam affiliate program called Bulker.biz.

One thing the Bulker.biz gang is known for is compromising poorly configured Linux or UNIX-like systems and using them in their operations.

By routing traffic through these servers, which use the IP addresses of well-known organizations and companies, the spammers can evade various blocklists.

This connection points to a high likelihood that Microsoft's compromised network hardware devices were running some Linux flavor.
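The abuse described above was spotted from the outside: two addresses in Microsoft's space had become authoritative name servers for spam domains. The same signal can be checked from the inside by scanning passive-DNS NS observations for your own prefixes serving zones you do not own. This is an added example, not code from the article or from Microsoft; the prefix, the allowlist and the domain names are assumptions, and the records are constructed (only the two 131.107.202.x addresses come from the article).

```python
"""Flag domains whose authoritative name server sits in an organization's
own IP space although the domain is not one the organization owns.

Added example, not from the article. The /24 prefix, the owned-domain
allowlist and the domain names are assumptions; the NS records are
constructed. Only the two 131.107.202.x IPs are taken from the article."""
import ipaddress
from collections import defaultdict

# Constructed passive-DNS observations: (domain, IP of a listed NS host).
SAMPLE_NS_RECORDS = [
    ("example-corp.com", "131.107.202.1"),          # owned zone, expected
    ("cheap-meds-example.net", "131.107.202.197"),  # unexpected use
    ("rx-deal-example.org", "131.107.202.198"),     # unexpected use
    ("rx-deal-example.org", "131.107.202.197"),
    ("unrelated-example.com", "198.51.100.7"),      # not our space, ignored
]

# Assumed organization prefix and allowlist of zones it legitimately hosts.
OWN_PREFIXES = [ipaddress.ip_network("131.107.202.0/24")]
OWNED_DOMAINS = {"example-corp.com"}


def in_own_space(ip: str, prefixes=OWN_PREFIXES) -> bool:
    """True if ip falls inside any of the organization's prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in prefixes)


def find_rogue_ns_use(records, prefixes=OWN_PREFIXES, owned=OWNED_DOMAINS):
    """Return {ns_ip: sorted list of domains} for NS IPs inside our space
    that are authoritative for zones outside the allowlist. A lab box that
    is suddenly NS for many unknown zones is exactly the pattern the
    researcher in the article noticed from the outside."""
    hits = defaultdict(set)
    for domain, ns_ip in records:
        if in_own_space(ns_ip, prefixes) and domain.lower() not in owned:
            hits[ns_ip].add(domain.lower())
    return {ip: sorted(domains) for ip, domains in hits.items()}


if __name__ == "__main__":
    for ip, domains in sorted(find_rogue_ns_use(SAMPLE_NS_RECORDS).items()):
        print(f"{ip} is NS for {len(domains)} unexpected zone(s): {domains}")
```

Any hit here is worth checking against the server's intended role; a device that should never answer DNS for outside zones has either been misconfigured or taken over.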


READER COMMENTS:


Comment #1 by: Carling on 14 Oct 2010, 16:46 UTC

I was reading a blogger article that MS use Linux on their Hotmail servers and security update servers; could that answer your question?


Comment #2 by: Joel on 14 Oct 2010, 18:27 UTC

What evidence is there that Linux was hacked? It seems more likely that the folks at Microsoft goofed and set up the servers as open relays, allowing the spammers to use them.


Comment #3 by: Dan on 14 Oct 2010, 21:44 UTC

Leave it to Microsoft to get a *nix server hacked.

Copyright © 2001-2013 Softpedia.