Human error gave spammers keys to Microsoft systems
IDG News Service - Microsoft blamed human error after two computers on its network were hacked and then misused by spammers to promote questionable online pharmaceutical websites.
Microsoft launched an investigation Tuesday, after the problem was first reported in the Register. "We have completed our investigation and found that two misconfigured network hardware devices in a testing lab were compromised due to human error," Microsoft said Wednesday in a statement. "Those devices have been removed."
After they were compromised, the two servers were to handle the DNS of more than 1,000 fraudulent pharmaceutical websites, according to Ronald Guilmette, the managing member of network security software vendor Infinite Monkeys. He discovered the hacked Microsoft systems late last week while researching pharmaceutical spam. "This same group has hijacked quite a lot of machines all over the world," Guilmette said in an interview.
The devices that got hacked were "network devices that run a Linux kernel," Microsoft said.
In addition to spam, at least one of the Microsoft computers was also used to launch a denial of service attack against a website belonging to Brian Krebs, the security blogger said Wednesday. Krebs believes that Russian-based pharmaceutical spammers were behind the attack on his site.
No customer data or production systems were affected by the attack, Microsoft said.
Microsoft has taken steps to improve its security in recent years, and has taken a hard-line stance against spam, so it's embarrassing to have company systems misused in this way.
"We are taking steps to better ensure that testing lab hardware devices that are Internet accessible are configured with proper security controls," Microsoft said.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All IT Outsourcing White Papers | Webcasts