Microsoft DNS Hijacked by Spammers

Source: Tom's Guide US | 27 comments

Two Microsoft addresses were used to push pills for a fake online pharmacy.

On Tuesday, The Register reported that internet addresses belonging to Microsoft were being used to route traffic to 1,025 unique fraudulent websites.

Late last week Ronald Guilmette, the managing member of network security software vendor Infinite Monkeys, told The Register that he discovered two hacked Microsoft servers handling the DNS of fraudulent websites--including seizemed.com, yourrulers.com, and crashcoursecomputing.com--since "at least" September 22. The hack was reportedly done by a notorious group of Russian criminals who have hijacked other machines across the globe.

The Register said that it independently verified Guilmette's findings by consulting with other security experts who specialize in DNS and taking down botnets and criminal websites. "By examining results used with an internet lookup tool known as Dig, short for the Domain Information Groper, [other security experts] were able to determine that 131.107.202.197 and 131.107.202.198--which are both registered to Microsoft--are housing dozens of DNS servers that help convert the pharmacy domain names into the numerical IP addresses that host the sites," said The Register in its report.
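The lookup The Register describes, as an added example that is not from the article or The Register: a Python check that parses constructed dig-style answers and flags domains whose authoritative name servers resolve into an address range the organisation owns but which are not domains it knowingly serves. The name-server host names, TTLs and the example.org control entry are assumptions; only the two Microsoft addresses and the pharmacy domain names come from the article.

```python
import ipaddress

# Constructed sample standing in for `dig +noall +answer` output. Only the two
# Microsoft addresses and the pharmacy domain names come from the article; the
# name-server host names, TTLs and the example.org control entry are made up.
SAMPLE_DIG_OUTPUT = """\
seizemed.com.        3600  IN  NS  ns1.seizemed.com.
seizemed.com.        3600  IN  NS  ns2.seizemed.com.
ns1.seizemed.com.    3600  IN  A   131.107.202.197
ns2.seizemed.com.    3600  IN  A   131.107.202.198
yourrulers.com.      3600  IN  NS  ns1.yourrulers.com.
ns1.yourrulers.com.  3600  IN  A   131.107.202.197
example.org.         3600  IN  NS  ns1.example.org.
ns1.example.org.     3600  IN  A   192.0.2.10
"""


def parse_dig_answers(text):
    """Turn dig answer-section lines into (owner, rtype, rdata) tuples, with
    names lower-cased and the trailing dot stripped so NS targets match A owners."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[2] != "IN":
            continue  # comment, blank line or not a resource record
        owner, rtype, rdata = parts[0], parts[3], " ".join(parts[4:])
        records.append((owner.rstrip(".").lower(), rtype, rdata.rstrip(".").lower()))
    return records


def rogue_hosting(records, prefix, owned_domains):
    """Return {domain: [(ns_host, ip), ...]} for domains whose name servers resolve
    into `prefix` (address space we own) but that we do not knowingly serve."""
    net = ipaddress.ip_network(prefix)
    owned = {d.lower().rstrip(".") for d in owned_domains}
    a_records = {}  # ns host -> addresses it resolves to
    for owner, rtype, rdata in records:
        if rtype == "A":
            a_records.setdefault(owner, []).append(ipaddress.ip_address(rdata))
    hits = {}
    for owner, rtype, ns_host in records:
        if rtype != "NS" or owner in owned:
            continue
        for addr in a_records.get(ns_host, []):
            if addr in net:  # our address is authoritative for someone else's domain
                hits.setdefault(owner, []).append((ns_host, str(addr)))
    return {domain: sorted(servers) for domain, servers in hits.items()}
```

For live use, feed the output of `dig +noall +answer <domain> NS` plus the A lookups of the returned hosts into `parse_dig_answers`; any domain the check reports is one your address space is answering for without your knowledge.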

According to various reports, the fraudulent websites were pushing Viagra, Human Growth Hormone, and other pharmaceuticals through the Canadian Health&Care Mall, a reportedly fake online pharmacy that doesn't ship genuine products. The group behind the fake pharmacy also allegedly engages in child pornography, identity theft, and rampant spamming.

After The Register's report went live on Tuesday, Microsoft launched an investigation and said the problem was caused by human error. "We have completed our investigation and found that two misconfigured network hardware devices in a testing lab were compromised due to human error," Microsoft said Wednesday in a statement. "Those devices have been removed."

Microsoft added that the hacked network devices run a Linux kernel. "We are taking steps to better ensure that testing lab hardware devices that are Internet accessible are configured with proper security controls," Microsoft said.

In a separate report, security blogger Brian Krebs said that one of the compromised Microsoft computers was also used to launch a denial of service attack on his website. Krebs said that he recognized the Microsoft IP address while reading the original report filed by The Register. The attack began twenty-four hours after he published a report on a criminal online service that sold stolen credit card numbers for less than $2 each.

Top Comments
  • 19 Hide
    dameon51 , October 14, 2010 9:24 PM
    Too bad it wasn't actually MS. I've been waiting for Windows branded Viagra for sometime now.
Other Comments
  • -1 Hide
    kresso , October 14, 2010 9:35 PM
    Quote:
    The attack began twenty-four hours after he published a criminal online service that sold stolen credit card numbers for less than $2 each.

    Well serves him right for selling our credit card numbers :) 
  • 2 Hide
    Yuka , October 14, 2010 9:36 PM
    Quote:
    Microsoft added that the hacked network devices run a Linux kernel. "We are taking steps to better ensure that testing lab hardware devices that are Internet accessible are configured with proper security controls," Microsoft said.

    So... MS engineers/technicians can't configure a Linux machine? That explains a few things security wise.

    Cheers!
  • 6 Hide
    2real , October 14, 2010 9:38 PM
    Quote (Yuka):
    So... MS engineers/technicians can't configure a Linux machine? That explains a few things security wise. Cheers!

    or that linux isn't as secure as you think
  • 7 Hide
    cscott_it , October 14, 2010 9:40 PM
    Quote (Yuka):
    So... MS engineers/technicians can't configure a Linux machine? That explains a few things security wise. Cheers!

    Ignorance is bliss eh Yuka?
    Linux can't get viruses and they've never existed on Linux. EVER.
    I mean, it's not like every Fedora Core system has had gaping exploits. Right?

    That aside, it's what happens when you allow your lab environment to be exposed to the internet. Seems like a poor decision.
  • 0 Hide
    saymi , October 14, 2010 9:40 PM
    "the hacked network devices run a Linux kernel?" Interesting
  • 0 Hide
    Anonymous , October 14, 2010 9:44 PM
    HaHa! They use Linux for DNS lmao!!! And they top it off by admitting it was "HUMAN ERROR"..... ;-D
  • 0 Hide
    cscott_it , October 14, 2010 9:45 PM
    To make sure there is no misunderstanding, Linux is secure.
    It's not being probed like Windows, but there have been plenty of security holes in it since its inception.

    In addition, don't forget about cross platform security issues (web) in addition to user error (users running their machine as root, rather than using elevated privileges for certain tasks).

    Like a Red Hat / Fedora Core that was susceptible to what is the Linux version of a null user session style attack.

  • 8 Hide
    randomizer , October 14, 2010 9:46 PM
    Whether they were running GNU/Linux, Windows or OS/2 is irrelevant and it is quite likely that they threw that comment in there to divert attention from where it should be: the systems administrator(s). Any computer that acts as a server online is vulnerable to attack if it is not properly configured.
  • -3 Hide
    Yuka , October 14, 2010 9:59 PM
    Quote (cscott_it):
    Ignorance is bliss eh Yuka? Linux can't get viruses and they've never existed on Linux. EVER. I mean, it's not like every Fedora Core system has had gaping exploits. Right? That aside, it's what happens when you allow your lab environment to be exposed to the internet. Seems like a poor decision.

    I've heard that not knowing how to read is Godly.

    Cheers!
  • 1 Hide
    the_krasno , October 14, 2010 10:51 PM
    So we have fake drugs, child porn and identity theft and these guys are more well known for spamming? What has the world come to?
    More importantly, being so serious crimes why haven't they been stopped if authorities can track them through the spam?
  • -6 Hide
    otacon72 , October 14, 2010 11:14 PM
    Since Linux has what .02% market share...of course it's more "secure"....lol Tried Linux on my server then tried MS Server 2008...been on 2008 ever since.
  • 6 Hide
    Vladislaus , October 14, 2010 11:18 PM
    Quote (2real):
    or that linux isn't as secure as you think

    Linux/Unix is the most widely used OS on servers. Despite their popularity on servers, they are still the OS with fewer security holes. Of course this doesn't mean that it's 100% secure.
  • 2 Hide
    eddieroolz , October 15, 2010 12:15 AM
    Looks like someone is getting fired over this.
  • -2 Hide
    shoshu , October 15, 2010 12:17 AM
    hey Microsoft is using LINUX, so much for the "better" Windows :)  haha
    they just proved themselves LINUX is better than WINDOWS , period!!
  • 1 Hide
    dillyflump , October 15, 2010 12:20 AM
    My inbox was forever getting non stop spam from these fake drug websites, they use numerous names including the likes of canadian pharmacy, ukpharmacy online etc. etc... not surprisingly the emails were all through hotmail.com domains. It's so bad in fact I've actually banned all hotmail.com and hotmail.co.uk addresses in my mail client.
  • 4 Hide
    f-14 , October 15, 2010 12:26 AM
    Quote (2real):
    or that linux isn't as secure as you think

    OR linux is only as secure as the microsoft engineers operating it! if i worked for microsoft and as an engineer and i was trying to toe the line for my brand i'd f' linux up too. but i am a perfectionist therefore i can not be a microsoft engineer as i wouldn't do a hack job in designing any system! oh and i'd still be working on making the kernel work with everything in happy harmony in a continuous battle never finishing my project as nothing ever stops changing in life.

    i do not know if brian krebs is trying to pull a fast one to gain publicity for his blog, but the way this is written i think kevin parrish has something against security blogger Brian Krebs who said that one of the compromised Microsoft computers was also used to launch a denial of service attack on his website twenty-four hours after he published a criminal online service that sold stolen credit card numbers for less than $2 each.

    what say you Kev? say it isn't so! botched a copy and paste job didn't you? heh heh it happens to all of us eventually :p 
  • 2 Hide
    hellwig , October 15, 2010 12:45 AM
    Quote:
    The attack began twenty-four hours after he published a criminal online service that sold stolen credit card numbers for less than $2 each.
    I'm guessing you left out something, maybe he published a REPORT on the criminal online service?

    Still, if these DNS servers are in a Microsoft Lab, why is anyone using them? Seriously, who (either individual or ISP) would route their data through the first IP that responded to DNS traffic? I mean, I could set up a DNS server that directed EVERY website to tomshardware, but if no one configured their computer to use it, there wouldn't be any problem. I wanna know who's using these servers.
  • 1 Hide
    Anonymous , October 15, 2010 12:51 AM
    haha, microsoft isn't using windows server edition. shows how much faith they have in the home brand
  • 3 Hide
    Shadow703793 , October 15, 2010 1:20 AM
    Quote (cscott_it):
    Ignorance is bliss eh Yuka? Linux can't get viruses and they've never existed on Linux. EVER. I mean, it's not like every Fedora Core system has had gaping exploits. Right? That aside, it's what happens when you allow your lab environment to be exposed to the internet. Seems like a poor decision.

    Exactly. No OS is secure as long as it's connected to the Net. Even if it's not connected to the net, it's still not secure. There are things you can do to minimize security risks and that's all you can do.