Two Microsoft addresses were used to push pills for a fake online pharmacy.
Tuesday The Register reported that internet addresses belonging to Microsoft were used to route traffic to 1,025 unique, fraudulent websites.
Late last week Ronald Guilmette, the managing member of network security software vendor Infinite Monkeys, told The Register that he discovered two hacked Microsoft servers handling the DNS of fraudulent websites--including seizemed.com, yourrulers.com, and crashcoursecomputing.com--since "at least" September 22. The hack was reportedly done by a notorious group of Russian criminals who have hijacked other machines across the globe.
The Register said that it independently verified Guilmette's findings by consulting with other security experts who specialize in DNS and in taking down botnets and criminal websites. "By examining results used with an internet lookup tool known as Dig, short for the Domain Information Groper, [other security experts] were able to determine that 131.107.202.197 and 131.107.202.198--which are both registered to Microsoft--are housing dozens of DNS servers that help convert the pharmacy domain names into the numerical IP addresses that host the sites," said The Register in its report.
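The check described above (resolve a domain's NS records, resolve the nameservers' addresses, and see whether those addresses fall in a block you are responsible for) is what a network owner would automate to discover that its own address space is serving DNS for domains it does not own. The following is an added example, not code from the article or from any of the parties it names. It parses dig-style answer lines and flags nameserver addresses inside an owned prefix. The two addresses and the three domain names come from the article; the nameserver hostnames, the 198.51.100.7 address, the answer lines themselves and the choice of 131.107.202.0/24 as the "owned" block are constructed for illustration. In real use you would feed it the output of `dig +noall +answer` for the domains of interest.

```python
"""Flag authoritative nameservers that sit inside an address block you own.

Added example (not from the article): given dig-style NS and A answers for a
set of domains, report every nameserver address inside a netblock you are
responsible for, together with the domains it is authoritative for.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the shape of "dig +noall +answer" output. The domain
# names and the two 131.107.202.x addresses appear in the article; the
# nameserver hostnames and 198.51.100.7 are made up for this example.
SAMPLE_DIG_OUTPUT = """\
seizemed.com.             3600  IN  NS  ns1.example-dns.invalid.
seizemed.com.             3600  IN  NS  ns2.example-dns.invalid.
yourrulers.com.           3600  IN  NS  ns1.example-dns.invalid.
crashcoursecomputing.com. 3600  IN  NS  ns9.other-dns.invalid.
ns1.example-dns.invalid.  300   IN  A   131.107.202.197
ns2.example-dns.invalid.  300   IN  A   131.107.202.198
ns9.other-dns.invalid.    300   IN  A   198.51.100.7
"""

# owner  TTL  IN  type  rdata  (only NS and A records are of interest here)
RECORD_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+(NS|A)\s+(\S+)$")


def parse_answers(text):
    """Return ({domain: [nameserver hostnames]}, {hostname: [IPv4 addresses]})."""
    ns_by_domain = defaultdict(list)
    a_by_host = defaultdict(list)
    for line in text.splitlines():
        match = RECORD_RE.match(line.strip())
        if not match:
            continue  # comments, blank lines, other record types
        owner, rtype, rdata = match.groups()
        owner = owner.rstrip(".").lower()   # normalise trailing dot and case
        rdata = rdata.rstrip(".").lower()
        if rtype == "NS":
            ns_by_domain[owner].append(rdata)
        else:
            a_by_host[owner].append(rdata)
    return dict(ns_by_domain), dict(a_by_host)


def nameservers_in_block(text, owned_block, owned_domains=()):
    """Map each nameserver address inside owned_block to the domains it serves.

    Domains listed in owned_domains are skipped: hosting DNS for your own
    zones is expected, hosting it for someone else's is the finding.
    """
    block = ipaddress.ip_network(owned_block)
    ns_by_domain, a_by_host = parse_answers(text)
    findings = defaultdict(set)
    for domain, hosts in ns_by_domain.items():
        if domain in owned_domains:
            continue
        for host in hosts:
            for addr in a_by_host.get(host, []):
                if ipaddress.ip_address(addr) in block:
                    findings[addr].add(domain)
    return {addr: sorted(domains) for addr, domains in findings.items()}


if __name__ == "__main__":
    hits = nameservers_in_block(SAMPLE_DIG_OUTPUT, "131.107.202.0/24")
    for addr, domains in sorted(hits.items()):
        print(f"{addr} is authoritative for: {', '.join(domains)}")
```

Run against the constructed sample, the script reports 131.107.202.197 as authoritative for seizemed.com and yourrulers.com, and 131.107.202.198 for seizemed.com, while the nameserver at 198.51.100.7 is ignored because it is outside the block. The point of the `owned_domains` filter is that the anomaly in the article is not "a nameserver in our space" but "a nameserver in our space answering for zones we never delegated to it".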
According to various reports, the fraudulent websites were pushing Viagra, Human Growth Hormone, and other pharmaceuticals through the Canadian Health&Care Mall, a reportedly fake online pharmacy that doesn't ship genuine products. The group behind the fake pharmacy also allegedly engages in child pornography, identity theft, and rampant spamming.
After The Register's report went live on Tuesday, Microsoft launched an investigation and said the problem was caused by human error. "We have completed our investigation and found that two misconfigured network hardware devices in a testing lab were compromised due to human error," Microsoft said Wednesday in a statement. "Those devices have been removed."
Microsoft added that the hacked network devices run a Linux kernel. "We are taking steps to better ensure that testing lab hardware devices that are Internet accessible are configured with proper security controls," Microsoft said.
In a separate report, security blogger Brian Krebs said that one of the compromised Microsoft computers was also used to launch a denial-of-service attack on his website. Krebs said that he recognized the Microsoft IP address while reading The Register's original report. The attack began twenty-four hours after he published an article exposing a criminal online service that sold stolen credit card numbers for less than $2 each.
Well serves him right for selling our credit card numbers
So... MS engineers/technicians can't configure a Linux machine? That explains a few things security wise.
Cheers!
or that linux isn't as secure as you think
Ignorance is bliss eh Yuka?
Linux can't get viruses and they've never existed on Linux. EVER.
I mean, it's not like every Fedora Core system has had gaping exploits. Right?
That aside, it's what happens when you allow your lab environment to be exposed to the internet. Seems like a poor decision.
It's not being probed like Windows, but there have been plenty of security holes in it since its inception.
In addition, don't forget about cross-platform security issues (web) in addition to user error (users running their machine as root, rather than using elevated privileges for certain tasks).
Like a Red Hat / Fedora Core that was susceptible to what is the Linux version of a null user session style attack.
I've heard that not knowing how to read is Godly.
Cheers!
More importantly, these being such serious crimes, why haven't they been stopped if authorities can track them through the spam?
Linux/Unix is the most widely used OS on servers. Despite their popularity on servers, they are still the OS with the fewest security holes. Of course this doesn't mean that it's 100% secure.
they just proved themselves LINUX is better than WINDOWS , period!!
OR Linux is only as secure as the Microsoft engineers operating it! If I worked for Microsoft as an engineer and I was trying to toe the line for my brand, I'd f' Linux up too. But I am a perfectionist, therefore I cannot be a Microsoft engineer, as I wouldn't do a hack job in designing any system! Oh, and I'd still be working on making the kernel work with everything in happy harmony, in a continuous battle, never finishing my project, as nothing ever stops changing in life.
I do not know if Brian Krebs is trying to pull a fast one to gain publicity for his blog, but the way this is written, I think Kevin Parrish has something against security blogger Brian Krebs, who said that one of the compromised Microsoft computers was also used to launch a denial of service attack on his website twenty-four hours after he published a criminal online service that sold stolen credit card numbers for less than $2 each.
What say you, Kev? Say it isn't so! Botched a copy and paste job, didn't you? Heh heh, it happens to all of us eventually.
Still, if these DNS servers are in a Microsoft lab, why is anyone using them? Seriously, who (either an individual or an ISP) would route their data through the first IP that responded to DNS traffic? I mean, I could set up a DNS server that directed EVERY website to tomshardware, but if no one configured their computer to use it, there wouldn't be any problem. I wanna know who's using these servers.
Exactly. No OS is secure as long as it's connected to the Net. Even if it's not connected to the net, it's still not secure. There are things you can do to minimize security risks and that's all you can do.