Microsoft Hack: Aussie Experts "Amazed"

Australian security analysts are "amazed" that software giant Microsoft was hacked by a Trojan horse program which was identified as early as July this year.

"If Microsoft used up-to-date anti-virus filtering on their firewall and computer systems it would have been detected; everyone has known about this Trojan since it was first identified five months ago," E-consulting firm Shake Communications director Anna Johnson said yesterday.

"If a company like Microsoft is a victim of this, imagine how many companies out there with fewer security measures in place have Trojans sitting on their networks; it is highly likely that many companies are already having confidential information stolen, only they don't know it."

In a statement on its Web site, Microsoft confirmed hackers gained access to source code under development for a future product and that the FBI was called in last week to undertake an investigation.

While Microsoft said no source code was modified or corrupted, reports overnight claim the attackers were about to view portions of the source code for key software products such as Windows and Office.

The attackers used a Qaz Trojan, a malicious program which can disguise itself as an innocuous joke or game in an e-mail and can replicate itself to other computers, compromising the network.

With access to the network, Johnson said, the hacker was able to obtain employee passwords, which were sent to an account in St Petersburg, Russia.

"Posing as a Microsoft employee working remotely, the hacker then gained access to highly sensitive areas of the company's corporate network; unlike viruses, the damage resulting from receiving a hidden Trojan might not become immediately apparent, especially if a hacker's aim is to secretly access data," she said.

In Microsoft's formal statement, the company said, "we have no reason to believe that any customers have been or will be affected in any way by the incident."

However, anti-virus software company Sophos' managing director for Australia and New Zealand Richard Baldry said the main damage to Microsoft is on a corporate level.

Baldry said source codes are the company's number one trade secret. This is why companies go to great lengths to protect such information.

"The stolen code may be used to develop competing products, create back doors into the company's software or be released to hacker circles for exploitation," he said.

Baldry said that since July, Qaz Trojan variants have been identified. He expressed "surprise" that Microsoft had not updated its software, as such malicious programs can bypass any firewall.

F-Secure anti-virus researcher Mikko Hypponen said Qaz makes it easy for an outsider to gain access to confidential data.

"We've been forecasting that worm-based industrial espionage would happen for quite some time, and it looks like now it has happened big time," he said.

Microsoft said it will be working closely with US law enforcement authorities to investigate the incident and will take appropriate action when the responsible person(s) have been identified.

In summary, the company said: "This intrusion is a deplorable act, but we anticipate that customers will be unaffected by it."
