
Even Microsoft Was Hit By Malware Attack

Source: Microsoft | 17 comments

An Eastern European group is to blame, not China.

Microsoft said in a blog on Friday that it too has suffered a "security intrusion" similar to what has been reported by Facebook and Apple. Like the other victims, the Redmond company said that it waited to make a full public disclosure until its initial information gathering process was complete.

"During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations," said Matt Thomlinson, general manager of Microsoft's Trustworthy Computing division. "We have no evidence of customer data being affected and our investigation is ongoing."

Recently both Facebook and Apple released reports stating that company employees visited an infected website for software developers. The lurking malware reportedly took advantage of a zero-day vulnerability in the Java plug-in for browsers. For Apple and Facebook, only a handful of computers were compromised, but the infection itself has affected hundreds of companies.

"This type of cyberattack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries," Thomlinson said. "We continually re-evaluate our security posture and deploy additional people, processes, and technologies as necessary to help prevent future unauthorized access to our networks."

As previously reported, the attacks on Facebook, Apple, and others seemed unrelated to the hacks on The New York Times, The Wall Street Journal and The Washington Post, which pointed a finger at China. The news organizations claimed their networks were directly infiltrated, while Apple and others said their employees acquired malware through a widely used website. Thus, from the outside, these two attacks appear to be separate.

Last week a report surfaced citing two unnamed people close to the ongoing investigation into the group behind the Facebook and Apple intrusions. They claim that an Eastern European gang of hackers planted malware on a website for iPhone developers. At least one server being used by this group – possibly based out of Russia – is located in the Ukraine.

Security firm RSA labels this method of attack as a "watering hole", a new form of attack where a hacker intentionally infiltrates a company's network by infecting a website commonly used by its employees. In this case, it was iphonedevsdk.com which may still be infected. It's believed companies like Facebook, Apple – maybe even Twitter and Microsoft – visited this website while working on their mobile apps for iOS. That would explain why both the PC and Mac platforms were violated simultaneously and so easily.

"The methodology relies on 'trojanizing' legitimate websites specific to a geographic area which the attacker believes will be visited by end users who belong to the organization they wish to penetrate," the company said. "This results in a wholesale compromise of multiple hosts inside a corporate network as the end-users go about their daily business, much like a lion will lie in wait to ambush prey at a watering hole."
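The "common site" pivot an incident responder uses to find a watering hole like the one described above, as an added example that is not from the article or from RSA: given proxy log lines and the time each host was first flagged, it intersects the sites each host visited shortly before its infection and ranks them by how many infected hosts share them. Host names, timestamps and log lines are constructed; only the forum domain comes from the article.

```python
from collections import Counter
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample web-proxy log, one "<timestamp> <host> <url>" per line.
SAMPLE_PROXY_LOG = """\
2013-02-01T09:01:00 dev-mac-01 http://iphonedevsdk.com/forum/thread-123
2013-02-01T09:02:00 dev-mac-01 https://cdn.example/jquery.js
2013-02-01T09:05:00 dev-mac-01 https://news.example/
2013-02-01T10:30:00 dev-win-07 http://iphonedevsdk.com/forum/index
2013-02-01T10:31:00 dev-win-07 https://mail.example/inbox
2013-02-02T08:00:00 dev-mac-03 http://iphonedevsdk.com/forum/thread-99
2013-02-02T08:01:00 dev-mac-03 https://news.example/
2013-02-03T12:00:00 dev-mac-01 http://iphonedevsdk.com/forum/thread-123
"""

# Constructed: when the endpoint agent first flagged each host (hypothetical).
FIRST_INFECTION = {
    "dev-mac-01": datetime(2013, 2, 1, 9, 10),
    "dev-win-07": datetime(2013, 2, 1, 10, 40),
    "dev-mac-03": datetime(2013, 2, 2, 8, 5),
}

def parse_proxy_log(text):
    """Yield (timestamp, host, site) per line; site is the URL's hostname."""
    for line in text.splitlines():
        if line.strip():
            ts, host, url = line.split(maxsplit=2)
            yield datetime.fromisoformat(ts), host, urlsplit(url).hostname

def sites_before_infection(log_text, first_infection, window=timedelta(hours=1)):
    """Map each infected host to the sites it visited in the window before detection."""
    visited = {host: set() for host in first_infection}
    for ts, host, site in parse_proxy_log(log_text):
        detected = first_infection.get(host)
        if detected is not None and detected - window <= ts <= detected:
            visited[host].add(site)   # visits after detection are ignored
    return visited

def candidate_watering_holes(visited, allowlist=frozenset()):
    """Rank sites by how many infected hosts share them; the top entry is the candidate."""
    counts = Counter()
    for sites in visited.values():
        counts.update(site for site in sites if site not in allowlist)
    return counts.most_common()

if __name__ == "__main__":
    visited = sites_before_infection(SAMPLE_PROXY_LOG, FIRST_INFECTION)
    for site, n in candidate_watering_holes(visited, allowlist={"cdn.example"}):
        print(f"{site}: {n} of {len(FIRST_INFECTION)} infected hosts")
```

A site visited by every flagged host shortly before each was infected is the first thing to pull full request logs for; the allowlist keeps shared benign infrastructure (CDNs, update servers) from masking the real candidate.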

Unlike the alleged Chinese hacks which are state-sponsored and for the government's own gain, this gang of hackers is looking to acquire company secrets, research, intellectual property and more that can be sold on the black market to the highest bidder. Investigators also claim that the hackers are trying to steal social website information in order to specifically target employees of "technology-rich" companies like Microsoft and Apple.

Microsoft is one of only a few companies that have gone public with reports of an attack campaign spanning hundreds of organizations. Twitter, which described an attack similar to the one on the Wall Street Journal, admitted in early February that attackers may have obtained the information of around 250,000 users.

  • 0
    xpeh, February 26, 2013 2:55 AM
    Why do the Americans always call Ukraine "The Ukraine?" Ukraine isn't exactly a part of Russia anymore.
  • 9
    Anonymous, February 26, 2013 2:57 AM
    During our investigation, we found a small number of computers, including some in our Mac business unit

    Already curbing those mac "no viruses ever" fanboys I see. Nice.
  • 6
    twelve25, February 26, 2013 4:08 AM
    It only takes one idiot to click on a link in an email and you have your backdoor in. With these huge companies, finding one idiot is all but assured.
  • 7
    RazorBurn, February 26, 2013 4:10 AM
    Quote: seuifrhysdyfug
    During our investigation, we found a small number of computers, including some in our Mac business unit
    Already curbing those mac "no viruses ever" fanboys I see. Nice.


    As this malware is using a Java exploit, it doesn't really matter if it is Mac, Linux, or Windows. It will get infected; Java is available on all OSes, even Android and iOS. Clever malware authors if you ask me.
  • -1
    twelve25, February 26, 2013 4:15 AM
    Quote: xpeh
    Why do the Americans always call Ukraine "The Ukraine?" Ukraine isn't exactly a part of Russia anymore.


    What is even called "The Ukraine" when it was a Soviet member? I think it's just some local flavor. Why do we call it Japan when it is Nippon?

  • -6
    DjEaZy, February 26, 2013 5:10 AM
    Even Microsoft Was Hit By Malware Attack? You Say?!?
  • -6
    madjimms, February 26, 2013 5:20 AM
    Quote: twelve25
    What is even called "The Ukraine" when it was a Soviet member? I think it's just some local flavor. Why do we call it Japan when it is Nippon?

    Because it's a country..... Generally countries have names attached to them.
  • 3
    Anonymous, February 26, 2013 7:51 AM
    Ukraine was called "the Ukrainian Soviet Socialist Republic" during USSR, it even had a ministry of External Affairs separate from the Soviet one, and was one of the founding members of the United Nations. One doesn't say "the England" or "the Japan", or "the Russia" (though it is OK to say "the United Kingdom", "the Empire of Japan", or "the Russian Federation"). Ukraine is a proper name and therefore doesn't get the definite article "the". Author Fail.
  • 3
    CaedenV, February 26, 2013 11:32 AM
    Quote: seuifrhysdyfug
    During our investigation, we found a small number of computers, including some in our Mac business unit
    Already curbing those mac "no viruses ever" fanboys I see. Nice.

    Mac is based on unix, and therefore is nearly impossible to infect the OS. Heck, even Windows Vista/7/8 are extremely difficult to infect the core OS. But that does not mean that peripheral software such as Flash, Java, web browsers, or other bits of software cannot be compromised, and those often work over several platforms. Even cell phones suffer from this. Android may be very difficult to compromise, but when the UI is made by a manufacturer, or software is made by a carrier, then it does not matter how secure the core OS is because there are other easier ways in. That is one thing I like about iOS and WP, there is a minimum of 3rd party involvement, and the apps are checked out more before being made available on the store.
    I trust apple and MS to write software more than I trust ATT, VZW, HTC, or Samsung to do anything right.
  • 2
    Anonymous, February 26, 2013 11:39 AM
    I really don't use Java that much so I just decided to remove it. One less thing to make me a target.
  • 1
    -Jackson, February 26, 2013 11:41 AM
    Quote: CaedenV
    Mac is based on unix, and therefore is nearly impossible to infect the OS. Heck, even Windows Vista/7/8 are extremely difficult to infect the core OS. But that does not mean that peripheral software such as Flash, Java, web browsers, or other bits of software cannot be compromised, and those often work over several platforms. Even cell phones suffer from this. Android may be very difficult to compromise, but when the UI is made by a manufacturer, or software is made by a carrier, then it does not matter how secure the core OS is because there are other easier ways in. That is one thing I like about iOS and WP, there is a minimum of 3rd party involvement, and the apps are checked out more before being made available on the store.
    I trust apple and MS to write software more than I trust ATT, VZW, HTC, or Samsung to do anything right.

    That is exactly why I own a Windows Phone. :) 
  • -2
    frank_drebin, February 26, 2013 2:12 PM
    Nice self-marketing, Microsoft!
  • 2
    f-14, February 26, 2013 4:33 PM
    http://www.dailymail.co.uk/news/article-2262540/Homeland-Security-STILL-warning-Americans-disable-Java-Oracle-says-problem-fixed.html
    By Jim Finkle
    Fri Jan 11, 2013 4:53pm EST
    (Reuters) - The U.S. Department of Homeland Security urged computer users to disable Oracle Corp's Java software, amplifying security experts' prior warnings to hundreds of millions of consumers and businesses that use it to surf the Web.

    Hackers have figured out how to exploit Java to install malicious software enabling them to commit crimes ranging from identity theft to making an infected computer part of an ad-hoc network of computers that can be used to attack websites.

    "We are currently unaware of a practical solution to this problem," the Department of Homeland Security's Computer Emergency Readiness Team said in a posting on its website late on Thursday.

    "This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered," the agency said. "To defend against this and future Java vulnerabilities, disable Java in Web browsers."

    Oracle declined on Friday to comment on the warning.

    the price you pay for not vetting your software.
  • -1
    f-14, February 26, 2013 4:41 PM
    Homeland Security STILL warning Americans to disable Java even as Oracle says problem fixed
    By DAILY MAIL REPORTER
    PUBLISHED: 20:43 EST, 14 January 2013 | UPDATED: 20:43 EST, 14 January 2013

    Oracle Corp. said Monday that it has fixed the problem in its Java software that raised an alarm from the U.S. Department of Homeland Security last week, but the federal agency still recommends that users disable Java in their Web browsers.
    'This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered,' DHS said in a statement Monday. 'To defend against this and future Java vulnerabilities, consider disabling Java in Web browsers until adequate updates are available.'
    The alert follows on the department's warning late Thursday.

    Security experts said that special code to take advantage of the weakness is being sold on the black market through so-called 'Web exploit packs' to Internet abusers who can use it to steal credit card data, personal information or cause other harm.
    The packs, sold for upwards of $1,500 apiece, make complex hacker codes available to relative amateurs.
    This particular flaw even enables hackers to compromise legitimate websites by taking over ad networks.


    The sale of the packs means malware exploiting the security gap is 'going to be spread across the Internet very quickly,' said Liam O'Murchu, a researcher with Symantec Corp. 'If you have the opportunity to turn it off, you should.'
    Oracle said it released two patches — to address the flaw highlighted by the government, as well as another flaw that the government said was "different but equally severe."
    As well, the patches set Java's default security level to 'high' so that users will automatically be shown a prompt and given a chance to decline malicious software before it loads onto their computers.

    Many programmers are avoiding Java altogether, and its use in Web browsers is on the decline, he said.
    Kaspersky Lab estimated that last year 50 percent of all website exploitations were due to vulnerabilities in Java. Adobe's Acrobat Reader accounted for another 28 percent of vulnerabilities.


    Read more: http://www.dailymail.co.uk/news/article-2262540/Homeland-Security-STILL-warning-Americans-disable-Java-Oracle-says-problem-fixed.html#ixzz2M21Yvntd

    i have to pile on my hate for oracle and java, they just make their adware worse not better with every update as well as bandwidth hogging and autoplay ads and give them sounds, it was bad enough when they made ads flash and give people with epilepsy seizures, now i have to endure commercials on a computer when i am required to touch one that is not mine own to beat into permission submission
  • 0
    f-14, February 26, 2013 4:48 PM
    Quote:
    At least one server being used by this group – possibly based out of Russia -- is located in the Ukraine.

    also forgot Mr Parrish:
    you need to get with the 21st century. The USSR collapsed under less debt than America has today; Ukraine is its own country again, no longer a Soviet satellite state for Russia.
  • 2
    robochump, February 26, 2013 4:57 PM
    Quote: Macl
    I really don't use Java that much so I just decided to remove it. One less thing to make me a target.


    Which is fine for personal systems but unfortunately JAVA is still integrated in many business applications. My work MAC requires JAVA for VPN and other web based applications. Can be very frustrating :-P
  • 0
    sanilmahambre, March 4, 2013 6:31 PM
    Do you know why?

    COZ there are no GATES....LOL