Language Selection

English French German Italian Portuguese Spanish

M$ Says MSN Site Hacked in S. Korea

Filed under
Microsoft

Microsoft acknowledged Thursday that hackers booby-trapped its popular MSN Web site in South Korea to try to steal passwords from visitors. The company said it was unclear how many Internet users might have been victimized.

Microsoft said it cleaned the Web site, www.msn.co.kr, and removed the dangerous software code that unknown hackers had added earlier this week. A spokesman, Adam Sohn, said Microsoft was confident its English-language Web sites were not vulnerable to the same type of attack.

South Korea is a leader in high-speed Internet users worldwide. Microsoft’s MSN Web properties — which offer news, financial advice, car- and home-buying information and more — are among the most popular across the Web.

The affected Microsoft site in South Korea offers news and other information plus links to the company’s free e-mail and search services. Its English-language equivalent is the default home Internet page for the newest versions of its flagship Windows software sold in the United States.

The Korean site, unlike U.S. versions, was operated by another company Microsoft did not identify. Microsoft’s own experts and Korean police authorities were investigating, but Microsoft believes the computers were vulnerable because operators failed to apply necessary software patches, said Sohn, an MSN director.

“Our preliminary opinion here was, this was the result of an unpatched operating system,” Sohn said. “When stuff is in our data center, it’s easier to control. We’re pretty maniacal about getting servers patched and keeping our customers safe and protected.”

Microsoft’s acknowledgment of the hacking incident was the latest embarrassment for the world’s largest software company, which has spent hundreds of millions of dollars to improve security and promote consumer confidence in its products.

Security researchers noticed the suspicious programming added to the Korean site and contacted the company Tuesday. Microsoft traced the problem and removed the hacked computers within hours, Sohn said, but it doesn’t yet know how long the dangerous programming was present.

In recent days no customers have reported problems stemming from visits to the Web site, Sohn said.

The hacker program scanned visitors’ computers and tried to activate password-stealing software that was found separately to exist on some hacked Chinese Web sites.

Microsoft said it was trying to decide whether to issue a broad public warning to recent visitors of the Korean site as it examines its own records to attempt to trace anyone who might have been victimized.

© 2005 The Associated Press.

More in Tux Machines

Android Leftovers

Gaming News: SHOGUN, Reus, Two Worlds and More

Security Leftovers: WCry/Ransomwar, WannaCry, Athena

OSS Leftovers

  • Nextcloud 12 Officially Released, Adds New Architecture for Massive Scalability
    Nextcloud informs Softpedia today about the official availability of the final release of Nextcloud 12, a major milestone of the self-hosting cloud server technology that introduces numerous new features and improvements. The biggest new feature of the Nextcloud 12 release appears to be the introduction of a new architecture for massive scalability, called Global Scale, which is a next-generation open-source technology for syncing and sharing files. Global Scale increases scalability from tens of thousands of users to hundreds of millions on a single instance, while helping universities and other institutions significantly reduce the costs of their existing large installations.
  • ReactOS 0.4.5 Open-Source Windows-Compatible OS Launches with Many Improvements
    ReactOS 0.4.5 is a maintenance update that adds numerous changes and improvements over the previous point release. The kernel has been updated in this version to improve the FreeLoader and UEFI booting, as well as the Plug and Play modules, adding support for more computers to boot ReactOS without issues.
  • Sprint Debuts Open Source NFV/SDN Platform Developed with Intel Labs
    AT&T has been the headliner in the carrier race to software defined networking (SDN) and network function virtualization (NFV). But Sprint is putting its own stamp on the space this week with its debut of a new open source SDN/NFV mobile core solution.
  • Google’s New Home for All Things Open Source Runs Deep
    Google is not only one of the biggest contributors to the open source community but also has a strong track record of delivering open source tools and platforms that give birth to robust technology ecosystems. Just witness the momentum that Android and Kubernetes now have. Recently, Google launched a new home for its open source projects, processes, and initiatives. The site runs deep and has several avenues worth investigating. Here is a tour and some highlights worth noting.
  • Making your first open source contribution
  • Simplify expense reports with Smart Receipts
    The app is called Smart Receipts, it's licensed AGPL 3.0, and the source code is available on GitHub for Android and iOS.
  • How the TensorFlow team handles open source support
    Open-sourcing is more than throwing code over the wall and hoping somebody uses it. I knew this in theory, but being part of the TensorFlow team at Google has opened my eyes to how many different elements you need to build a community around a piece of software.
  • IRC for the 21st Century: Introducing Riot
    Internet relay chat (IRC) is one of the oldest chat protocols around and still popular in many open source communities. IRC's best strengths are as a decentralized and open communication method, making it easy for anyone to participate by running a network of their own. There are also a variety of clients and bots available for IRC.