---------- Forwarded message ---------- Date: Thu, 03 May 2001 19:41:53 -0400 From: McIntyre <McIntyreat_private> To: defaced-commentaryat_private Subject: [defaced-commentary] 3 Microsoft Web sites Defaced, Corrections, IIS5 hole Earlier this evening (Eastern Time) the Web sites for Microsoft UK, Microsoft Saudi Arabia and Microsoft Mexico were defaced by the group Prime Suspectz. This makes 9 times a Microsoft Web site has been defaced including other Microsoft global sites in Brazil and Slovenia. The full list of past Microsoft targets have included: msrconf.microsoft.com (a supposed retired MS server and the first recorded defacement of a Microsoft server) on October 24, 1999 http://www.attrition.org/mirror/attrition/1999/10/24/msrconf.microsoft.com/CMT/ Microsoft Brazil by IZ corp defaced June 3, 2000 http://www.attrition.org/mirror/attrition/2000/06/03/www.microsoft.com.br/ The Microsoft Events Server by someone unknown on November 11, 2000 http://www.attrition.org/mirror/attrition/2000/11/07/events.microsoft.com Microsoft Slovenia (defaced twice) the first time by Furia.BR on December 14, 2000 and the second time by BoLoDoRiO 3 days later http://www.attrition.org/mirror/attrition/2000/12/14/www.microsoft.si http://www.attrition.org/mirror/attrition/2000/12/17/www.microsoft.si Microsoft New Zealand was also defaced by Prime Suspectz on January, 23rd of this year: http://www.attrition.org/mirror/attrition/2001/01/23/www.microsoft.co.nz/ CORRECTION: Last month (April 2001) we had claimed that the Microsoft Greece Web site was defaced twice, first by Prime Suspectz and later by World of Hell (WoH). We were later informed that the domain www.microsoft.com.gr was owned by a man in Greece not by Microsoft and further research led to the true Microsoft Hellas (Greece) Web site at: http://www.microsoft.com/hellas/. http://www.attrition.org/mirror/attrition/2001/04/20/www.microsoft.com.gr/ http://www.attrition.org/mirror/attrition/2001/04/27/www.microsoft.com.gr/ COMMENTS ON THE RECENT IIS 5.0 HOLE While these 3 Microsoft Web sites and the previous NEC USA Web sites have all been running Windows 2000 and IIS 5.0, we will not say they are using the exploit (jill.c) for the recent IIS hole discovered by eEye until we have confirmation from the defacers themselves. Please do not ask - we will post something when we know. ABOUT PRIME SUSPECTZ and OTHER GROUPS Prime Suspectz is a group known for their regular campaign against Web sites of large multinational corporations including NEC USA (a short time ago) Nike Brazil, Panasonic Italy, BMW France, Chevrolet Argentina, Samsung South Africa, Nintendo Spain and many more. See our previous commentary on high profile foreign defacements for a full list - http://www.attrition.org/security/commentary/hp-foreign-01.html NEC USA http://www.attrition.org/mirror/attrition/2001/05/03/www.nec.com/ Their targets aren't only limited to the foreign sites of multinational corporations. Yesterday Prime Suspectz defaced the Ford Motor Corporation's Media Web site. http://www.attrition.org/mirror/attrition/2001/01/22/media.ford.com/ A full list of Prime Suspectz previous defacements are available at http://www.attrition.org/mirror/attrition/psuspectz.html . Prime Suspectz isn't the only group defacing high profile foreign sites. So far this year, sites for Canon Greece, Canon Turkey, and Xerox India have also been defaced. We expect to see this trend continue until these companies work to secure their global Web sites as well or better than their flagship portals. http://www.attrition.org/mirror/attrition/2001/01/22/www.canon.gr/ http://www.attrition.org/mirror/attrition/2001/01/21/www.canon.com.tr/ http://www.attrition.org/mirror/attrition/2001/01/21/www.xerox.co.in/ - The information and commentary is Copyright 2001, by the individual author. Permission is granted to quote, reprint or redistribute provided the text is not altered, and the author and attrition.org is credited. The opinions expressed in this mail are not necessarily the opinion of all Attrition staff members. Commentary Archive: http://www.attrition.org/security/commentary/ The Attrition Mirror: http://www.attrition.org/mirror/attrition/ Country/TLD Statistics: http://www.attrition.org/mirror/attrition/country.html Attrition Defacement Statistics: http://www.attrition.org/mirror/attrition/stats.html Operating System Graphs: http://www.attrition.org/mirror/attrition/os-graphs.html Other Web Defacement Mailing Lists: http://www.attrition.org/security/lists.html Contacting Attrition Staff: staffat_private To subscribe to Defaced Commentary, send mail to majordomoat_private with "subscribe defaced-commentary" in the BODY of the mail (without quotes). To unsubscribe, include "unsubscribe defaced-commentary" in the BODY of the mail. ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERVat_private with a message body of "SIGNOFF ISN".
This archive was generated by hypermail 2b30 : Fri May 04 2001 - 05:26:08 PDT