Update: Microsoft stung by hack attack

Computerworld - Microsoft Corp. today confirmed that its internal computer network was hacked by malicious attackers who were able to view -- but apparently not modify -- some of the software vendor's source code.

The incident, which security experts said could potentially have serious repercussions for Microsoft, was discovered by the company on Wednesday and reported to the FBI yesterday, according to a spokeswoman. The attack, which is now being investigated by the FBI, was believed to have been initiated in St. Petersburg, Russia.

Microsoft, in a statement released this afternoon, said the incident "appears to be much narrower" in scope than it originally feared.

"Our investigation shows no evidence that the intruder gained access to the source code for our major products, such as Windows Me, Windows 2000 or Office," Microsoft said. "Although the hacker apparently was able to view some source code under development for a future product, the investigation confirmed that there was no modification or corruption of any source code."

Company executives "are confident that the integrity of Microsoft's intellectual property remains secure" and don't think any customers were affected by the intrusion, the statement added.

Microsoft noted that it's working with law-enforcement officials "to address this deplorable act of industrial espionage." An FBI spokesman said only that the agency's investigators "are aware of the matter and are looking into it."

Graham Cluley, a security expert at U.K.-based security software vendor Sophos Anti-virus, said it appears that the attackers used a worm known as QAZ to break into Microsoft's network, although he noted that reports vary about whether Microsoft has confirmed that fact.

"That's what it looks like it would most likely be," Cluley said. "[But] there's really a garbled message coming out now [from Microsoft]." However, an attack with a worm such as QAZ "shouldn't have been possible" if Microsoft had properly configured its firewall and antivirus software and kept them updated, he said.

Cluley said QAZ -- also known variously as Troj.QAZ , Worm.QAZ or QAZ.Trojan -- is the fifth-most reported worm to the Sophos help desk and has been in circulation for several months. Trend Micro Inc., another antivirus software vendor, rates QAZ ninth on the list of the top 10 viruses and worm programs it's tracking, with a medium-level risk to users.

But companies such as Sophos, Trend Micro and Finland-based F-Secure Corp. previously updated their antivirus packages to detect QAZ. And the descriptions of the worm that are posted on their Web sites include steps users can take to protect themselves from QAZ.