The Korean portal reportedly fell victim to hackers for one reason: its servers had not been patched.
Microsoft said on Thursday that someone had placed malicious code on the MSN Korea site in an attempt to steal passwords. A Microsoft spokesman said the English-language sites were not open to the type of attack that affected www.msn.co.kr, according to AP.
A third party runs the Korean site, a different practice than what is done with Microsoft’s US sites. That operator apparently failed to apply available patches to its servers. And an unpatched operating system running a popular service like MSN becomes a big target for malicious activity.
Korean authorities and Microsoft personnel were examining the corrupt servers for more information. The company became aware of the problem on Tuesday, when external security researchers reported it. Microsoft removed the servers after tracing the problem.
The malicious code on the site would scan a visitor’s computer, and then try to download keylogging software from a number of hacked Chinese web sites. With so many Korean users on broadband connections, these attacks could happen very quickly.
But there have not been any reports of users harmed by the security breach. Microsoft does not yet know how long the malicious code has been on the web site. That code took advantage of a problem in Internet Explorer called an iFrame vulnerability. A patch for that problem was distributed last December.
Later, MSN Korea reported the only site affected was the news portal at news.msn.co.kr, and that malware placed on the site would cause advertising pop-ups to appear on a user’s computer.
David Utter is a staff writer for Murdok covering technology and business. Email him here.
