|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[ISN] [defaced-commentary] 3 Microsoft Web sites Defaced, Corrections, IIS5 hole
From: InfoSec News (isn
C4I.ORG)
Date: Thu May 03 2001 - 19:27:49 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
---------- Forwarded message ----------
Date: Thu, 03 May 2001 19:41:53 -0400
From: McIntyre <McIntyreattrition.org>
To: defaced-commentaryattrition.org
Subject: [defaced-commentary] 3 Microsoft Web sites Defaced, Corrections,
IIS5 hole
Earlier this evening (Eastern Time) the Web sites for Microsoft UK,
Microsoft Saudi Arabia and Microsoft Mexico were defaced by the group Prime
Suspectz. This makes 9 times a Microsoft Web site has been defaced
including other Microsoft global sites in Brazil and Slovenia.
The full list of past Microsoft targets have included:
msrconf.microsoft.com (a supposed retired MS server and the first recorded
defacement of a Microsoft server) on October 24, 1999
http://www.attrition.org/mirror/attrition/1999/10/24/msrconf.microsoft.com/CMT/
Microsoft Brazil by IZ corp defaced June 3, 2000
http://www.attrition.org/mirror/attrition/2000/06/03/www.microsoft.com.br/
The Microsoft Events Server by someone unknown on November 11, 2000
http://www.attrition.org/mirror/attrition/2000/11/07/events.microsoft.com
Microsoft Slovenia (defaced twice) the first time by Furia.BR on December
14, 2000 and the second time by BoLoDoRiO 3 days later
http://www.attrition.org/mirror/attrition/2000/12/14/www.microsoft.si
http://www.attrition.org/mirror/attrition/2000/12/17/www.microsoft.si
Microsoft New Zealand was also defaced by Prime Suspectz on January, 23rd
of this year:
http://www.attrition.org/mirror/attrition/2001/01/23/www.microsoft.co.nz/
CORRECTION:
Last month (April 2001) we had claimed that the Microsoft Greece Web site
was defaced twice, first by Prime Suspectz and later by World of Hell
(WoH). We were later informed that the domain www.microsoft.com.gr was
owned by a man in Greece not by Microsoft and further research led to the
true Microsoft Hellas (Greece) Web site at: http://www.microsoft.com/hellas/.
http://www.attrition.org/mirror/attrition/2001/04/20/www.microsoft.com.gr/
http://www.attrition.org/mirror/attrition/2001/04/27/www.microsoft.com.gr/
COMMENTS ON THE RECENT IIS 5.0 HOLE
While these 3 Microsoft Web sites and the previous NEC USA Web sites have
all been running Windows 2000 and IIS 5.0, we will not say they are using
the exploit (jill.c) for the recent IIS hole discovered by eEye until we
have confirmation from the defacers themselves. Please do not ask - we will
post something when we know.
ABOUT PRIME SUSPECTZ and OTHER GROUPS
Prime Suspectz is a group known for their regular campaign against Web
sites of large multinational corporations including NEC USA (a short time
ago) Nike Brazil, Panasonic Italy, BMW France, Chevrolet Argentina, Samsung
South Africa, Nintendo Spain and many more. See our previous commentary on
high profile foreign defacements for a full list -
http://www.attrition.org/security/commentary/hp-foreign-01.html
NEC USA
http://www.attrition.org/mirror/attrition/2001/05/03/www.nec.com/
Their targets aren't only limited to the foreign sites of multinational
corporations. Yesterday Prime Suspectz defaced the Ford Motor Corporation's
Media Web site.
http://www.attrition.org/mirror/attrition/2001/01/22/media.ford.com/
A full list of Prime Suspectz previous defacements are available at
http://www.attrition.org/mirror/attrition/psuspectz.html .
Prime Suspectz isn't the only group defacing high profile foreign sites. So
far this year, sites for Canon Greece, Canon Turkey, and Xerox India have
also been defaced. We expect to see this trend continue until these
companies work to secure their global Web sites as well or better than
their flagship portals.
http://www.attrition.org/mirror/attrition/2001/01/22/www.canon.gr/
http://www.attrition.org/mirror/attrition/2001/01/21/www.canon.com.tr/
http://www.attrition.org/mirror/attrition/2001/01/21/www.xerox.co.in/
-
The information and commentary is Copyright 2001, by the individual author.
Permission is granted to quote, reprint or redistribute provided the text is not
altered, and the author and attrition.org is credited. The opinions expressed
in this mail are not necessarily the opinion of all Attrition staff members.
Commentary Archive: http://www.attrition.org/security/commentary/
The Attrition Mirror: http://www.attrition.org/mirror/attrition/
Country/TLD Statistics: http://www.attrition.org/mirror/attrition/country.html
Attrition Defacement Statistics: http://www.attrition.org/mirror/attrition/stats.html
Operating System Graphs: http://www.attrition.org/mirror/attrition/os-graphs.html
Other Web Defacement Mailing Lists: http://www.attrition.org/security/lists.html
Contacting Attrition Staff: staffattrition.org
To subscribe to Defaced Commentary, send mail to majordomoattrition.org
with "subscribe defaced-commentary" in the BODY of the mail (without
quotes). To unsubscribe, include "unsubscribe defaced-commentary" in
the BODY of the mail.
ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERVSecurityFocus.com with a message body of
"SIGNOFF ISN".
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]