Hackers Found An Ingenious Way To Embarrass Microsoft

allheart55 (Cindy E)



For many years, Microsoft has operated a website called TechNet, where IT professionals can download technical materials on Microsoft's products and get help troubleshooting problems.



On Wednesday, the security company FireEye revealed that hackers had infiltrated TechNet in an ingenious way to operate one of their illegal networks, or botnets.

These hackers did not break into TechNet's security. Instead they set up ordinary user profiles on TechNet, then stuffed those profiles with malware. They went to forum pages and dropped malware there, too. FireEye called it "hiding in plain sight."

This wasn't so much a tactic to hack IT professionals who visited TechNet as it was to hide their nefarious activities from the botnet hunters trying to shut them down, FireEye reported.

It allowed the hackers to secretly run their botnet, FireEye says, because a victim's antivirus software thought the illicit traffic was coming from a safe Microsoft site.




(FireEye) How hackers used Microsoft TechNet to run their botnet.


It also made it harder for network security professionals to find the actual botnet servers.

And herein lies the embarrassment for Microsoft, whose botnet-hunting group, The Digital Crime Unit, has worked with the FBI and officials in 80 countries to take down some of the largest, most dangerous botnets in the world.

This was an in-your-face to Microsoft from the hackers.

FireEye and Microsoft found a way to turn the tables. They injected tracking code into the hackers' malware to trace the botnet servers.


There's another wrinkle to all of this. FireEye's technology helps detect what are known as "advanced persistent threats" (APT), which involve hackers who are deliberately targeting one organization and which are very hard to stop. (That's in contrast with hackers who randomly troll the internet looking to infect computers.)

Last month, Microsoft took a big step as a competitor in FireEye's eyes by announcing its own APT security tool. It will initially work only with Microsoft's Active Directory technology, the tool IT professionals use to set up employee accounts with passwords and such.

FireEye politely waited until after Microsoft's CEO announced this new product before it released a blog post and white paper about the hackers on TechNet.

Microsoft had no comment.

Source: http://finance.yahoo.com/news/hackers-found-ingenious-way-embarrass-150114201.html
 