In association with heise online

04 July 2007, 14:51

Microsoft's UK web site defaced


A page on Microsoft's UK web site has been defaced by attackers calling themselves rEmOtEr. The normal page was replaced by a page of images referring to Saudi Arabia.

[Image: The Microsoft UK web page as defaced by rEmOtEr]

rEmOtEr have in the last two months also defaced several web sites belonging to the Israeli and Egyptian governments, so it would seem that the attacks are to some extent politically motivated. However, the attackers also released a video showing how they carried out the defacement, so there may be other motives at work as well. The video, released on http://www.unbase.com, was taken down almost immediately and its URL now redirects to a parked domain name (http://www.stanpost.com).

The attacked page (http://www.microsoft.co.uk/events/net/eventdetail.aspx?eventid=8399) was contaminated with an injected line of HTML "<link xhref=http://h.1asphost.com/remoter/css.css type=text/css rel=stylesheet>". This may have been done by means of SQL injection, such pages being generated dynamically by the Microsoft site.
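A defacement of this kind, where a single injected `<link>` pulls a stylesheet from a third-party host, can be caught by auditing rendered pages for stylesheet references to hosts outside an allowlist. The following is an added example, not code from the article or from Microsoft; the allowlist, the `site.css` path and the sample page are constructed, and the injected line is written with a plain `href` attribute.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: hosts this site is expected to load stylesheets from.
ALLOWED_STYLE_HOSTS = {"www.microsoft.co.uk"}


class StylesheetAudit(HTMLParser):
    """Collect the absolute URL of every <link rel=stylesheet> in a page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.stylesheets = []

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = {k: (v or "") for k, v in attrs}
        # rel is a space-separated token list, matched case-insensitively
        if "stylesheet" in a.get("rel", "").lower().split() and a.get("href"):
            # Resolve relative and protocol-relative references first
            self.stylesheets.append(urljoin(self.page_url, a["href"].strip()))


def foreign_stylesheets(page_url, html, allowed=ALLOWED_STYLE_HOSTS):
    """Return stylesheet URLs whose host is not on the allowlist."""
    audit = StylesheetAudit(page_url)
    audit.feed(html)
    audit.close()
    return [u for u in audit.stylesheets
            if (urlparse(u).hostname or "").lower() not in allowed]


# Constructed sample: one legitimate stylesheet (hypothetical path) plus
# an injected line modelled on the one quoted in the article.
PAGE_URL = "http://www.microsoft.co.uk/events/net/eventdetail.aspx?eventid=8399"
SAMPLE = """<html><head>
<link rel="stylesheet" type="text/css" href="/events/net/site.css">
<link href=http://h.1asphost.com/remoter/css.css type=text/css rel=stylesheet>
</head><body><h1>Event details</h1></body></html>"""

if __name__ == "__main__":
    for url in foreign_stylesheets(PAGE_URL, SAMPLE):
        print("unexpected stylesheet:", url)
```

A check like this only notices the injected resource after the fact; the underlying injection flaw in the dynamically generated page still has to be fixed.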

Soon after the attack, Zone-H, an independent security archive that among other things records web site defacements, demonstrated a cross-site scripting (XSS) problem on www.microsoft.co.uk/events/net/PreRegister.aspx, a page that is no longer available. However, Zone-H researchers have commented that tampering with the URL parameters can permit both XSS and SQL injection.

This is not the first time a Microsoft site has been defaced. As recently as early May this year, an image of Bill Gates covered with custard pie was inserted into http://ieak.microsoft.com. However, the software giant is by no means alone, and apparently is not even singled out for special treatment. The Digital Attacks Archive of Zone-H suggests that worldwide more than a dozen web sites are defaced daily.

(mba)

Permalink: http://h-online.com/-733181