June 19, 2006 5:33 PM PDT

French Microsoft Web site hacked

Hackers on Sunday broke into a part of Microsoft's French Web site, replacing the front page with online graffiti.

The intruders were able to access the server that was running http://experts.microsoft.fr/, Microsoft confirmed Monday. The attack was claimed by Turkish hackers using the handle "TiTHacK," said Zone-H, a security Web site that keeps an archive with screenshots of defaced Web sites.

The attackers were likely able to penetrate the server running the Web site due to faulty configuration, Microsoft said in a statement Monday. "Microsoft took the appropriate action to resolve the issue and stop any additional criminal activity," it said.

The intruders apparently took advantage of a yet-to-be-patched flaw in a DotNetNuke script, Zone-H reported on Tuesday, after speaking with the attacker. DotNetNuke is an open-source content management system written in Visual Basic .Net for Microsoft's ASP.Net framework.

After breaking in, the attackers defaced the Microsoft Web site, leaving the following note: "Hi Master (: Your System 0wned By Turkish Hackers! redLine ownz y0u! Special Thanx And Gretz RudeBoy |SacRedSeer| The_Bekir And All Turkish HacKers next target: microsoft.com date: 18/06/2006 @ 19:06 WE WERE HERE...."

While so-called Web site defacements still occur often, they have become less high-profile in recent years as other, financially-motivated threats take the spotlight.

Microsoft is working with law enforcement to investigate and take appropriate action against the attackers, the company said.

The compromised Web site was offline most of Monday. Microsoft said it is working to restore the site, which is hosted at an unidentified third-party Web hosting company. The Web site runs Microsoft's Windows Server 2003 with IIS 6.0 Web server software, according to Netcraft, a U.K.-based Internet-monitoring company.

"We apologize if customers are inconvenienced by the unavailability of the affected Web site," Microsoft said. "Microsoft is committed to helping protect our customers and we're working diligently with the third-party hosting company to restore the functionality of this Web site as soon as possible."

See more CNET content tagged:
attacker, hosting company, Web server, Microsoft Corp., server

6 comments

Join the conversation!
Add your comment
Hmf...
When we're continually surrounded by finantial attacks and serious security threats, an attack like this (spraying graffiti on the front page) like teen rebellion in the 60s! No real harm done, but still p rovoking a few lifted eyebrows ...
Posted by theclaps (5 comments )
Reply Link Flag
My sentiments, too.
I'm sure microsoft will claim harm was done, but in essence, you are right... like spraying graffiti on the front page. Although it is still vandalism, I would prefer it over the tons of spam.
Posted by Seaspray0 (9714 comments )
Link Flag
Threats All Around
Theclaps is right, about the threats constantly surrounding us. Hackers are motivated to gain access into business infrastructures for many reasons, in this case cyber-vandalism.

For a smaller less equipped business such a defacement would be of greater impact <a class="jive-link-external" href="http://www.essentialsecurity.com/Documents/article2.htm" target="_newWindow">http://www.essentialsecurity.com/Documents/article2.htm</a>

There are nearly 70 million small businesses worldwide and over 20 million in the U.S. alone. Small business is a major part of the global economy - that means it's time to replace a general passivity towards the possible threats.

When large corporations like MS-France are hit, small business need to take notice too. A couple months ago I remember CNET also reporting a vandalism on the MS Korea site.
Posted by marileev (292 comments )
Reply Link Flag
Threats are there, but some are better than others
...not good for Microsoft's claimed security improvements in Windows Server 2003.

I wonder if Gartner has since changed its advisory "to stay the hell away from Windows Internet Information Server." if you're concerned about server security.

This certainly doesn't help build credibility for Windows Server as a secure platform.
Posted by Maccess (610 comments )
Link Flag
French Microsoft Web site hacked
I'm having a bit of trouble working up a tear for a company that wants to hack into every computer running their (actually my) software
(I paid dearly for it). Daily, weekly, or even monthly rechecks are an invasion. Once your copy of Windows has been authenticated, the excuses are over. Does anyone buy the implication that Microsoft believes that someone would trade Microsoft's crap (Windows) for a worse piece of crap (a copy)? If Microsoft has a truth, they aren't telling it. Microsoft can't claim the high ground by complaining about dishonesty and then be dishonest with its costumers.
Posted by vgraybeard (35 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.