Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

MSN Hacked

Notifications for Security Updates, as well as News and Information from across the web - mostly security minded.

Update Contributors: Members of the Malware Removal University.

MSN Hacked

Unread postby Bertha » June 6th, 2005, 6:30 am

From ZDNet

Microsoft has discovered an apparent attempt by hackers to steal user information from its South Korean MSN Web site and has taken action to repair the problem.

The attack was directed at the news section of the MSN Korea Web site, said Adam Sohn, a Microsoft spokesman. Microsoft was alerted Tuesday morning that the site had been compromised and took the site offline for a few hours to fix the problem, he said.

Microsoft has received no reports of users falling victim to the attack. The software maker is still investigating the issue and has called in law enforcement to investigate and take action against those responsible, Sohn said.

Early investigation has shown that the attackers placed an additional frame on the Web site, a so-called IFRAME, Sohn said. These frames could be used in malicious attacks that take advantage of a flaw in Microsoft's Internet Explorer Web browser that the company patched last December.

The IE Elements flaw, also known as the IFRAME vulnerability, could allow an attacker to take control of a victim's PC. Microsoft's Windows XP Service Pack 2 security update is not vulnerable to the flaw.

Microsoft is confident that its other MSN Web sites are not vulnerable to the same type of attack. The Korean site, unlike the US and most other international MSN sites, was not hosted by Microsoft, but by a Microsoft partner, Sohn said. "There may have been unpatched servers," he said, which could explain the break-in.

In Microsoft's own data centres, the company makes sure its servers are patched and in secure physical locations, Sohn said.

Broadband and mobile Internet usage is popular in South Korea. The market is important to Microsoft's MSN group, which has trialled new services in the country.

Microsoft has discovered an apparent attempt by hackers to steal user information from its South Korean MSN Web site and has taken action to repair the problem.

The attack was directed at the news section of the MSN Korea Web site, said Adam Sohn, a Microsoft spokesman. Microsoft was alerted Tuesday morning that the site had been compromised and took the site offline for a few hours to fix the problem, he said.

Microsoft has received no reports of users falling victim to the attack. The software maker is still investigating the issue and has called in law enforcement to investigate and take action against those responsible, Sohn said.

Early investigation has shown that the attackers placed an additional frame on the Web site, a so-called IFRAME, Sohn said. These frames could be used in malicious attacks that take advantage of a flaw in Microsoft's Internet Explorer Web browser that the company patched last December.

The IE Elements flaw, also known as the IFRAME vulnerability, could allow an attacker to take control of a victim's PC. Microsoft's Windows XP Service Pack 2 security update is not vulnerable to the flaw.

Microsoft is confident that its other MSN Web sites are not vulnerable to the same type of attack. The Korean site, unlike the US and most other international MSN sites, was not hosted by Microsoft, but by a Microsoft partner, Sohn said. "There may have been unpatched servers," he said, which could explain the break-in.

In Microsoft's own data centres, the company makes sure its servers are patched and in secure physical locations, Sohn said.

Broadband and mobile Internet usage is popular in South Korea. The market is important to Microsoft's MSN group, which has trialled new services in the country.


Bertha
User avatar
Bertha
Admin/Teacher Emeritus
 
Posts: 2053
Joined: February 6th, 2005, 1:17 pm
Location: Midlands
Advertisement
Register to Remove

Unread postby Bertha » June 6th, 2005, 6:31 am

Bump

Sorry for the doouble post, but I cant go back to edit it (no edit button)

Bertha
User avatar
Bertha
Admin/Teacher Emeritus
 
Posts: 2053
Joined: February 6th, 2005, 1:17 pm
Location: Midlands


Return to News Desk



Who is online

Users browsing this forum: No registered users and 11 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware