By Will Sturgeon, 15 November 2006 11:15
NEWS
Microsoft has become the victim of pranksters who have replaced DNS information held on several sub-domains, which look like they are held by Microsoft - though they are not - with a string of potty-mouthed insults aimed at the software giant.
Comments levelled at Redmond, which all show up as convoluted extraneous domains, include slurs along the lines of microsoft.com.will.be.beaten.with.my.spanner.net and microsoft.com.is.a.steaming.heap.of.fucking-bullshit.net as well as the apparently pro-open source comment: microsoft.com.should.give.up.because.linuxisgod.com.
Security from A to Z
Click on the links below to find out more...
A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day
At the time of writing the comments were all showing up when searching for genuine DNS information on the Microsoft.com domain using the Whois database. And it appears they have been available for quite some time. (Screen grab here). They show up ahead of the relevant results because of the prevalent use of 'microsoft.com' and remind businesses of the need to be aware of anywhere their brand is being abused and any means used to do so. Other major companies have also been abused in this way.
The Whois database typically contains data on the registered owner of a domain, such as contact details as well as expiry date of the domain and the date it was registered.
However, a spokeswoman for Whois denied any hacking of its own service has occurred and said its search is just pulling information from the crsnic.net database which is owned and operated by Verisign.
It is unclear who the guilty party is though one line on the page reads: microsoft.com.zzz.is.0wned.and.hax0red.by.sub7.net.
It seems likely this is a reference to the Sub7 backdoor Trojan which is a popular tool among hackers and script kiddies bent on causing disruption through largely childish and offensive website defacements.
At the time of writing Verisign had not responded to questions about the listing.
Comments
There are 2 comments. Join the discussion
1. -flo
Those are so-called "subdomains" to domains like spanner.net, linuxisgod.com etc.
Neither Verisign nor "Whois" are in control of subdomains to any of their domains since they are stored and managed on the respective domain owner's nameserver of choice.
I have absolutely no idea what the hell is so interesting about this, but I assume you just neede a headline. Well, it's not evil, noone can do anything about it and noone really cares.
2. anonymous
There isn't anything particularly nefarious going on here, excepting the potential defamation.
What has happened is that the owners of linuxgod.com have simply registered the "microsoft.com.blah.blah" as a Server Name with their registrar, for use as a DNS server or suchlike.
It appears in the results for "microsoft.com" because it contain the phrase "microsoft.com", not because these people have done anything to the microsoft.com records. The Whois query is doing what it is told (search for "microsoft.com", return results).
Try the same query on google.com, or aol.com, or any other major site - the same thing happens.
The server records have probably existed in this manner for years, it really is nothing new.
Whether or not they should be allowed to register such names as server names is another debate!