It's happened again. A large, high-profile corporation was hacked. Although Microsoft officials admitted the system was hacked, they're being mum about the possibility that source code for the next versions of Windows and Office were tampered with (or worse). The implications here are huge...there's a vast amount of code involved, and the perpetrators could have inserted their own bits of code or practical jokes anywhere. Will Microsoft really be able to examine all of it, to see what damage may have been done? Can you trust the next releases of Microsoft products? It's too soon to tell, but this event will probably cause consumers to think twice before making their next Microsoft purchase.

The sad thing is, the hole exploited in this attack is a well-known one. It's been around for awhile, so why did Microsoft fall prey to it? This exploit should be a good warning to us all, about the basics of security. First, keep vigilant about protecting your systems. Always update the new releases of your anti-virus programs, and scan your systems. Train your employees to detach and scan all attachments that come via e-mail. Don't even investigate suspicious mail. If you weren't expecting it, and it looks like spam, you probably don't want it. And never, ever disable your system's protection, as some programmers tend to do to speed things up. Based on the potential for a business-crippling hack, it just isn't worth the couple of minutes saved here and there.

Granted, Microsoft is a huge corporation, and is probably a popular target for attacks. It must be some kind of badge of honor in the hacking community to be able to get into such a company's system. But just because you have a smaller company with a smaller network, don't think it's safe. Technical Editor Terry Crow recently implemented a personal firewall on his home system, and in less than three hours it logged five suspicious probes from the Internet. You can read the whole story here: http://www.advisor.com/Articles.nsf/aid/CROWT63.

What we know

Microsoft officials announced that their system had been hacked via a QAZ Trojan. This worm surfaced four months ago and is well-documented in the security arena. In other words, it isn't new. The QAZ software gets delivered via e-mail and opens a back door to hackers, giving them remote control over the infected computer. Experts believe that a Microsoft employee received e-mail carrying QAZ and installed it. QAZ was disguised as Notepad, then sent a remote signal to a computer in Asia with the Internet location of the computer. QAZ may have automatically downloaded and installed hacker tools from a Web site in the South Pacific, some experts believe. QAZ gave the intruder some control over the victim's computer, and it spread to the computers it found in that part of the Microsoft campus. The hackers used another program to collect employee passwords, which were sent to a Russian e-mail address. Posing as Microsoft employees working off-site, the hackers used the passwords to enter sensitive areas of the network and downloaded files.

The attacks were recognized several days ago, but may have been going on for several months. Although this was the time period when Windows ME was released, Microsoft officials say that the source code for ME was done well before they believe the attack started.

The FBI is working with Microsoft to investigate this attack. They haven't commented about possible motives, but it could be anything from corporate espionage to hackers just doing it for the challenge.