Denial-of-Service Attack Brings Down Microsoft

A denial-of-service (DoS) attack that took down Microsoft's (Nasdaq: MSFT) Web site Friday, two days after the U.S. Department of Homeland Security warned of a widespread Windows vulnerability, is being investigated by the Redmond, Washington-based software company and law enforcement officials.

Microsoft has some clues as to the origin of the outage, which lasted for about 1 hour and 40 minutes Friday afternoon, Microsoft spokesperson Sean Sundwall told TechNewsWorld.

"It's pretty hard to track down where it came from," Sundwall said. "There is to some degree a trail that is left, some bread crumbs, but I'm not at liberty to discuss what those are."

The DoS attack -- a flood of messages intended to overwhelm network pipes and choke bandwidth -- would not normally cause much concern, but its timing in conjunction with the warnings from the federal government and security officials might signal more trouble.

Business as Usual

Despite the security warnings surrounding the Windows vulnerability –- a Remote Procedure Call (RPC) hole for which exploit code was published online -– and an e-mail worm that spread rapidly via Outlook Express over the weekend and on Monday, Microsoft is not in a heightened security mode, according to Sundwall.

"Around here, we're always on high alert," he said. "There wasn't anything out of the ordinary that we were doing."

He called the DoS attack "more of a nuisance than anything else," adding that its only impact was lack of access to Microsoft's Web sites for little more than an hour and a half.

Cybercrime Spray Paint

Aberdeen Group research director Eric Hemmendinger told TechNewsWorld that DoS attacks are generally viewed as vandalism.

"In essence, what it is is a vandalism act which has as its objective preventing the target from operating normally," he said. "If you're targeted, the ability to serve your constituency over a Web site is crippled."

However, there is speculation that the latest DoS to hit Microsoft's site is a harbinger of more serious security issues to come, according to messages posted on various Internet discussion boards.

Confluence of Concerns

The DoS attack came soon after government and security organizations warned about the Windows RPC vulnerability and prior to the spread of the MiMail worm.

However, Sundwall said there is no reason to believe any of the issues were connected or perpetrated by the same people.

"There are things that indicate it's just a circumstantial coincidence," he said. "Frankly, there's a level of sophistication involved with the three things that indicate it's not the same individuals responsible for one or more of them."

Likely Suspects

Sundwall, who said the traditional DoS attack had nothing to do with software vulnerabilities, also pointed out that the DoS attack coincided with the DefCon hacker conference in Las Vegas, which began Friday.

"It is interesting to note this all happened on the first day of DefCon," he said, though he added, "There's no indication they're necessarily related. We have no evidence one way or the other."

For his part, Hemmendinger said that although it is theoretically feasible that a DoS attack could be planned to coincide with a software vulnerability and exploit or a worm -– thereby preventing users from patching via the Microsoft site -– it is not a significant worry.

"It doesn't mean it will happen, and it doesn't mean anyone should plan for it," he said.

DoS Defense

Hemmendinger said that those suffering under a DoS attack have a few options: They can attempt to stop the attack, protect their IT assets from it or let it go as an inconvenience.

Despite the failure of some vendors offering software and services to help customers prevent DoS attacks, there are still companies supplying protection, Hemmendinger said, referring to Riverhead, Arbor Networks and Mazu Networks.

"There is a group of suppliers delivering solutions today to help telcos and service providers protect themselves," he noted. "There are solutions out there."