Feeds

MS hacked once, twice, three, FOUR times

Prime Suspectz takes the IIS out of Microsoft

  • alert
  • submit to reddit

Build a business case: developing custom apps

Notorious hacker Prime Suspectz has gone on a cracking spree against Microsoft servers that has resulted in the defacement of FOUR of the software giant's sites.

Three of the sites hit by the attack (all of which appear to be recently introduced, and under development) are currently inaccessible. A fourth, webcfeedback.msn.com, has been redefaced by hacker group Silver Lords with a protest against human rights abuses in Kashmir after being attacked earlier this morning by Prime Suspectz.

A record of Prime Suspectz's defacements has been recorded on defacement archive Alldas.de and can be seen here (click on arulk.rte.microsoft.com, feeds.mobile.msn.com and redsand.rte.microsoft.com to see the latest attacks). All the sites involved run Microsoft's IIS web server on a Windows platform and add to the lengthening list of the software giant's Web servers to fall victim to s'kiddies.

In the latest defacements, Prime Suspectz taunts Microsoft's Web administrators and brags of his hacking prowess.

"Prime Suspectz again! One, two, three, in only 30 minutes, As we can see, this server IIS is very good!! Micro$oft, where i find secure products made by you? WHERE?," he mocks.

The webcfeedback.msn.com defacement takes up the same theme: "Prime Suspectz is back micro$oft. + one for the collection when your security will go to improve? never hehehe! kisses adm gay!"

Mark Read, a security consultant at MIS Corporate Defence Solutions, said exploits of the recently announced ISAPI (Internet Server Application Programming Interface) bug in IIS were the most probable exploit used in the attack. However he added that since IIS is as full of holes as Swiss cheese other exploits like the Unicode bug couldn't be ruled out.

"Microsoft has released a patch for these exploits but hasn't applied it themselves," said Read. "All it takes is for a system admin to be down the pub when an alert comes out and remote sites, or those used for development, will end up unprotected." ®

External Links

Prime Suspectz defacements

Related Stories

MS confronts another IIS system-level hole (ISAPI bug)
Microsoft UK 0wn3d
Microsoft hacked in the Balkans
Microsoft Web site hacked in Kiwiland
Exploit devastates WinNT/2K security
How you hack into Microsoft: a step by step guide

Endpoint data privacy in the cloud is easier than you think

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
Plug and PREY: Hackers reprogram USB drives to silently infect PCs
BadUSB instructs gadget chips to inject key-presses, redirect net traffic and more
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?