  • FPCH Admin
Posted

For many years, Microsoft has operated a website called TechNet, where IT professionals can download technical materials on Microsoft's products and get help troubleshooting problems.

 

 

 

On Wednesday, the security company FireEye revealed that hackers had infiltrated TechNet in an ingenious way to operate one of their illegal networks, or botnets.

 

These hackers did not break through TechNet's security. Instead, they set up ordinary user profiles on TechNet, then stuffed those profiles with malware. They went to forum pages and dropped malware there, too. FireEye called it "hiding in plain sight."

 

This wasn't so much a tactic to hack IT professionals who visited TechNet as it was to hide their nefarious activities from the botnet hunters trying to shut them down, FireEye reported.

 

It allowed the hackers to secretly run their botnet, FireEye says, because a victim's antivirus software thought the illicit traffic was coming from a safe Microsoft site.

 

 

 

(FireEye) How hackers used Microsoft TechNet to run their botnet.

 

 

It also made it harder for network security professionals to find the actual botnet servers.

 

And herein lies the embarrassment for Microsoft, whose botnet-hunting group, The Digital Crime Unit, has worked with the FBI and officials in 80 countries to take down some of the largest, most dangerous botnets in the world.

 

This was an in-your-face to Microsoft from the hackers.

 

FireEye and Microsoft found a way to turn the tables. They injected tracking code into the hackers' malware to trace the botnet servers.

 

 

There's another wrinkle to all of this. FireEye's technology helps detect what are known as "advanced persistent threats" (APTs), which involve hackers who are deliberately targeting one organization and which are very hard to stop. (That's in contrast with hackers who randomly troll the internet looking to infect computers.)

 

Last month, Microsoft took a big step as a competitor in FireEye's eyes by announcing its own APT security tool. It will initially work only with Microsoft's Active Directory technology, the tool IT professionals use to set up employee accounts with passwords and such.

 

FireEye politely waited until after Microsoft's CEO announced this new product before it released a blog post and white paper about the hackers on TechNet.

 

Microsoft had no comment.

 

Source: http://finance.yahoo.com/news/hackers-found-ingenious-way-embarrass-150114201.html

~I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant.~

~~Robert McCloskey~~
