http://www.nzherald.co.nz/storydisplay.cfm?storyID=157359&thesection=technology&thesubsection=general 28.10.2000 8:00 AM STOCKHOLM/LONDON - Microsoft President and Chief Executive Steve Ballmer said the hackers who broke into the software giant's computer systems had gained access to some of its key programs, but had not changed them. "It is clear that hackers did see some of our source code," Ballmer told Microsoft programmers and reporters at a seminar in Stockholm yesterday. Source code is the basic building block of all software programs and Microsoft has always tried to keep its source code a top secret. Ballmer said the burglars had not changed any of its software programs, soothing fears that a virus had been hidden inside future releases of Microsoft products. "I can assure you that we know that there has been no compromise of the integrity of the source code that it has not been modified or tampered with in any way," he added. Earlier yesterday Ballmer had said hackers had not gained access to any of Microsoft's key programs or source code. Microsoft became aware of the attacks "in the last couple of days." Asked if the attacks had now stopped, Microsoft spokesman Rick Miller said: "We believe so." Microsoft's security employees discovered the break-in after they detected passwords being remotely sent to an e-mail account in St. Petersburg, Russia, the Wall Street Journal reported. The company interpreted electronic logs as showing that those internal passwords were used to transfer source code outside the Microsoft campus, it said. Security experts said the break-in heralded a new phase as the hackers had created an intelligent software agent, called a worm, which rummages independently through networks for valuable information. "It's very effective. A hacker doesn't need to hack into a computer himself. The worm does it for him and then reports back," said Mikko Hypponen, a security expert at Finnish-based data protection specialists F-Secure. "We've been forecasting worm-based industrial espionage to happen for quite some time and it looks like now it has happened big time," he added. Microsoft confirmed earlier that it had reported the break-in to the US Federal Bureau of Investigation (FBI). The Wall Street Journal, citing sources close to the situation, said Microsoft's flagship products Windows and Office had been the target. Computer security experts told Reuters that hackers appeared to have used a "well-known" worm called QAZ, which first surfaced in China several months ago, to break into Microsoft's systems. By early October anti-virus company Symantec had already spotted some 1,000 infections with the QAZ worm. "This is very worrying (that Microsoft has been hit), because we have had detection for it for three months," said Raimond Genes, European marketing vice-president for Japan-based computer security company Trend Micro. Microsoft declined to comment on what, if anything, had been stolen. The FBI was not immediately available for comment. If unstopped, a worm that has entered a network will infect other computers when files are shared, something that happens often in work places where people work together on a single project, such as software. A worm is a distinct type of computer virus that makes copies of itself across multiple systems. This particular virus is believed to have entered Microsoft's headquarters on the back of an inconspicuous looking Notepad-document, which would also make it a so-called Trojan. Named after the Greek myth of the Trojan Horse, the insidious worm hides inside a file and once opened, a damaging program is installed on the computer that starts sending copies of itself to other computers. Once the software is installed, hackers can gain easy access to the information on that computer. The fact that the worm had infected programmers' computers was not unusual because programmers usually disable virus protection software which slows down computers, Hypponen said. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Oct 30 2001 - 03:35:07 PST