[ISN] Microsoft hackers reached key programmes

From: InfoSec News (isnat_private)
Date: Tue Oct 30 2001 - 01:30:12 PST

  • Next message: InfoSec News: "[ISN] Re: [DMCA_discuss] Linux kernel security fixes censored by the DMCA"

    8:00 AM 
    STOCKHOLM/LONDON - Microsoft President and Chief Executive Steve
    Ballmer said the hackers who broke into the software giant's computer
    systems had gained access to some of its key programs, but had not
    changed them.
    "It is clear that hackers did see some of our source code," Ballmer
    told Microsoft programmers and reporters at a seminar in Stockholm
    Source code is the basic building block of all software programs and
    Microsoft has always tried to keep its source code a top secret.
    Ballmer said the burglars had not changed any of its software
    programs, soothing fears that a virus had been hidden inside future
    releases of Microsoft products.
    "I can assure you that we know that there has been no compromise of
    the integrity of the source code that it has not been modified or
    tampered with in any way," he added.
    Earlier yesterday Ballmer had said hackers had not gained access to
    any of Microsoft's key programs or source code.
    Microsoft became aware of the attacks "in the last couple of days."
    Asked if the attacks had now stopped, Microsoft spokesman Rick Miller
    said: "We believe so."
    Microsoft's security employees discovered the break-in after they
    detected passwords being remotely sent to an e-mail account in St.
    Petersburg, Russia, the Wall Street Journal reported.
    The company interpreted electronic logs as showing that those internal
    passwords were used to transfer source code outside the Microsoft
    campus, it said.
    Security experts said the break-in heralded a new phase as the hackers
    had created an intelligent software agent, called a worm, which
    rummages independently through networks for valuable information.
    "It's very effective. A hacker doesn't need to hack into a computer
    himself. The worm does it for him and then reports back," said Mikko
    Hypponen, a security expert at Finnish-based data protection
    specialists F-Secure.
    "We've been forecasting worm-based industrial espionage to happen for
    quite some time and it looks like now it has happened big time," he
    Microsoft confirmed earlier that it had reported the break-in to the
    US Federal Bureau of Investigation (FBI).
    The Wall Street Journal, citing sources close to the situation, said
    Microsoft's flagship products Windows and Office had been the target.
    Computer security experts told Reuters that hackers appeared to have
    used a "well-known" worm called QAZ, which first surfaced in China
    several months ago, to break into Microsoft's systems.
    By early October anti-virus company Symantec had already spotted some
    1,000 infections with the QAZ worm.
    "This is very worrying (that Microsoft has been hit), because we have
    had detection for it for three months," said Raimond Genes, European
    marketing vice-president for Japan-based computer security company
    Trend Micro.
    Microsoft declined to comment on what, if anything, had been stolen.
    The FBI was not immediately available for comment.
    If unstopped, a worm that has entered a network will infect other
    computers when files are shared, something that happens often in work
    places where people work together on a single project, such as
    A worm is a distinct type of computer virus that makes copies of
    itself across multiple systems.
    This particular virus is believed to have entered Microsoft's
    headquarters on the back of an inconspicuous looking Notepad-document,
    which would also make it a so-called Trojan.
    Named after the Greek myth of the Trojan Horse, the insidious worm
    hides inside a file and once opened, a damaging program is installed
    on the computer that starts sending copies of itself to other
    Once the software is installed, hackers can gain easy access to the
    information on that computer.
    The fact that the worm had infected programmers' computers was not
    unusual because programmers usually disable virus protection software
    which slows down computers, Hypponen said.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Tue Oct 30 2001 - 03:35:07 PST