Language Selection

English French German Italian Portuguese Spanish

M$ Says MSN Site Hacked in S. Korea

Filed under
Microsoft

Microsoft acknowledged Thursday that hackers booby-trapped its popular MSN Web site in South Korea to try to steal passwords from visitors. The company said it was unclear how many Internet users might have been victimized.

Microsoft said it cleaned the Web site, www.msn.co.kr, and removed the dangerous software code that unknown hackers had added earlier this week. A spokesman, Adam Sohn, said Microsoft was confident its English-language Web sites were not vulnerable to the same type of attack.

South Korea is a leader in high-speed Internet users worldwide. Microsoft’s MSN Web properties — which offer news, financial advice, car- and home-buying information and more — are among the most popular across the Web.

The affected Microsoft site in South Korea offers news and other information plus links to the company’s free e-mail and search services. Its English-language equivalent is the default home Internet page for the newest versions of its flagship Windows software sold in the United States.

The Korean site, unlike U.S. versions, was operated by another company Microsoft did not identify. Microsoft’s own experts and Korean police authorities were investigating, but Microsoft believes the computers were vulnerable because operators failed to apply necessary software patches, said Sohn, an MSN director.

“Our preliminary opinion here was, this was the result of an unpatched operating system,” Sohn said. “When stuff is in our data center, it’s easier to control. We’re pretty maniacal about getting servers patched and keeping our customers safe and protected.”

Microsoft’s acknowledgment of the hacking incident was the latest embarrassment for the world’s largest software company, which has spent hundreds of millions of dollars to improve security and promote consumer confidence in its products.

Security researchers noticed the suspicious programming added to the Korean site and contacted the company Tuesday. Microsoft traced the problem and removed the hacked computers within hours, Sohn said, but it doesn’t yet know how long the dangerous programming was present.

In recent days no customers have reported problems stemming from visits to the Web site, Sohn said.

The hacker program scanned visitors’ computers and tried to activate password-stealing software that was found separately to exist on some hacked Chinese Web sites.

Microsoft said it was trying to decide whether to issue a broad public warning to recent visitors of the Korean site as it examines its own records to attempt to trace anyone who might have been victimized.

© 2005 The Associated Press.

More in Tux Machines

Leftovers: OSS and Sharing

Security Leftovers

GeckoLinux 421 Plasma and SUSE Hack Week

  • GeckoLinux 421 Plasma review - It ain't no dragon
    I heard a lot of good praise about this little distro. My inbox is flooded with requests to take it for a spin, so I decided, hey, so many people are asking. Let us. The thing is, openSUSE derivatives are far and few in between, but the potential and the appeal are definitely there. Something like CentOS on steroids, the way Stella did once, the same noble way Fuduntu tried to emancipate Fedora. Take a somewhat somber distro and pimpify it into submission. GeckoLinux is based on openSUSE Leap, and I chose the Plasma Static edition. There's also a Rolling version, based on Tumbleweed, but that one never worked for me. The test box for this review is Lenovo G50. But wait! Dedoimedo, did you not recently write in your second rejection report that GeckoLinux had failed to boot? Indeed I did. But the combo of yet another firmware update on the laptop and a fresh new download fixed it, allowing for a DVD boot. Somewhat like the painful but successful Fedora exercise back in the day. Tough start, but let's see what gives.
  • La Mapería
    It is Hack Week at SUSE, and I am working on La Mapería (the map store), a little program to generate beautiful printed maps from OpenStreetMap data.
  • HackWeek XIV @SUSE: Tuesday

From Vista 10 to Linux Mint

  • Microsoft Scared into Changes, 5 Reasons to Ditch
    Following a small claims court judgment against them, Microsoft announced they would be making declining their Windows 10 upgrade easier. Why not just switch to Linux as Daniel Robinson highlighted five reasons you should. My Linux Rig spoke to Christine Hall of FOSS Force about her "Linux rig" today and Bryan Lunduke had some thoughts on Canonical's collaboration myth. Dedoimedo reviewed GeckoLinux 421 and Gary Newell tested Peppermint 7 on his new Lenovo Ideapad.
  • After Multi-Month Tone Deaf Shitshow, Microsoft Finally Lets Users Control Obnoxious Windows 10 Upgrade
    Microsoft's decision to offer Windows 10 as a free upgrade to Windows 7 and Windows 8.1 made sense on its surface. It was a nice freebie for users happy to upgrade, and an effective way to herd customers on older Windows iterations onto the latest platform to help consolidate support expense. But Microsoft's upgrade in practice has seen no shortage of criticism from users annoyed by a total lack of control over the update, and Microsoft's violent tone deafness in response to the complaints. For example a Reddit post from an anti-poaching organization made the rounds earlier this year after the 17 GB automatic Windows 10 update resulted in huge per megabyte charges from their satellite broadband ISP. Microsoft's response to these complaints? Ignore them. As complaints grew, Microsoft finally provided a way to fully disable the forced upgrade, but made sure it involved forcing users to modify the registry, something Microsoft knew full well less technical users wouldn't be comfortable attempting to hurdle. [...] Things have been escalating ever since, often to comedic effect. But this week things changed somewhat with the news that Microsoft has struck a $10,000 settlement with a California woman who sued the company after an ill-timed Windows 10 upgrade brought her office computers to a crawl. The woman took Microsoft to court after support failed to help resolve the issue, a spokesman saying Microsoft halted its appeal of the ruling "to avoid the expense of further litigation."
  • Microsoft pays $10,000 to unwilling Windows 10 updater
  • The Linux Setup - Christine Hall, FOSS Force
    On my main desktop, I use Linux Mint 17.1, Rebecca. My main laptop, a 64-bit machine, is running Mint 17.2 Rafaela. The laptop got updated from Rebecca so I could write a review, but the desktop never got upgraded because it’s a 32-bit machine and would require another download, which I haven’t had the time to do. I have another laptop running Bodhi, which might be my favorite distro, but I can be more productive with Mint.
  • Linux Mint 18 Finally Arrives — Download Cinnamon and MATE Edition ISO Files Here
    The wait for the summer’s hottest Linux distro is over and you can finally download the release version of Linux Mint 18 “Sarah”. Often called the best Linux distribution for desktop PCs, Mint 18 comes loaded with new features and Linux 4.4 LTS Kernel.