Microsoft Corp.’s main Web site was inaccessible for two hours Thursday evening, the victim of an Internet-borne DoS (denial of service) attack, the company said.
The company is cooperating with federal law enforcement officials to investigate the attack, which is the second successful DoS attack against Microsoft.com this month.
The attack occurred Thursday evening at 8:45 p.m. Pacific Daylight Time and was directed at www.microsoft.com, the Redmond, Washington, company’s main Web address, according to Sean Sundwall, a Microsoft spokesman.
Microsoft.com was completely inaccessible for two hours Thursday evening and experienced “off and on” disruptions for another two hours, Sundwall said. Microsoft’s products and Web pages have been the subject of much attention this week, with the release of a new worm, W32.Blaster, that targets machines running Microsoft Windows XP and Windows 2000.
Blaster spreads by exploiting a security flaw in Windows software and contains a preprogrammed DoS attack against the company’s windowsupdate.com Web page. That attack is scheduled to begin Aug. 16. However, Thursday’s attack was not linked to Blaster or the security hole exploited by Blaster.
“We’re really confident that this was not an attack from the Blaster worm,” Sundwall said.
The timing of the attack and a technical analysis of the traffic sent to Microsoft indicate a source other than machines infected with Blaster, he said.
Early reports that Microsoft’s windowsupdate.com site was the target of the attack proved false, though some users reported difficulty reaching the site Friday morning.
The windowsupdate.microsoft.com and download.microsoft.com sites, which distribute software updates to Microsoft customers, were unaffected by the attack, Sundwall said. Users continued to access and download software patches from those sites throughout the attack, he said.
Helsinki security company F-Secure Corp. has been monitoring windowsupdate.com since Wednesday and detected no interruption as of midmorning U.S. Eastern Daylight Time, according to Mikko Hyppönen [cq], head of antivirus research at F-Secure.
While both Thursday’s attack and the Aug. 1 attack against Microsoft.com were distributed denial of service attacks, Microsoft does not believe the two were linked.
“That’s the only similarity we can confirm at this point. We think the sources were different,” Sundwall said.
Microsoft could not comment on the details of the attack, but Sundwall said that it was a distributed denial of service (DDoS) attack emanating from machines worldwide. DoS attacks come in many flavors, but are all designed to cripple a Web site or computer network using floods of useless traffic.
Microsoft did not know how many computers were involved in the attack, but Sundwall pointed out that Microsoft’s Web site is a popular target and is designed to withstand even large-scale attacks without disruption.
The attackers probably have a very large network of compromised “zombie” machines that are being coordinated to attack Microsoft, he said. With two successful attacks in one week, Microsoft is looking into software and other technology to prevent future threats, Sundwall said.
Microsoft is already a customer of Cambridge, Massachusetts, company Akamai Technologies Inc., which operates a distributed worldwide network that can diffuse DoS attacks. Microsoft would not comment on whether Thursday’s attack affected only Microsoft servers, or whether Akamai servers were involved as well.
For now, the company is cooperating with federal officials and continues to research the attack, Sundwall said.