Microsoft investigates DOS attack on

Microsoft investigates DOS attack on

Microsoft's main Web site was unreachable for almost two hours last Friday as the Web server it is hosted on failed following a DOS (denial of service) attack.

"I can confirm a DOS attack on the Web site. It started at 1.21pm [Pacific time] and lasted for roughly one hour and forty minutes," a Microsoft spokesman said. "We have reported this to the appropriate federal law enforcement authorities and they are investigating this particular attack."

The denial of service was caused by "a malicious load of site requests," the spokesman said, but Microsoft has yet not determined where the attack originated or who could be behind it. However, the company has determined that its site did not go down as a result of a software flaw, nor was a flaw in any Microsoft product involved in staging the attack, the spokesman said.

"This is not a Microsoft software issue," he said.

The attack hit only the Web site, other Microsoft Web properties such as MSN, Hotmail and MSNBC were not affected, the spokesman said.

Microsoft's Web site is one of the most popular targets for attack on the Web and has suffered outages in the past. The company's site has also been attacked by exploiting unpatched software holes in Microsoft's own server software.

Microsoft did quite well fielding this attack, as sites typically go down for a longer period of time, according to Eric Siegel, principal Internet analyst at Web performance management services firm Keynote Systems.

"Usually DOS attacks are more catastrophic," he said. "Microsoft's performance in this attack was quite good. Microsoft has gotten better at fending off DOS attacks. I can see that the Microsoft systems were trying to recover. They were fighting. A couple of years ago these attacks were longer and the system would collapse completely." is part of Keynote's Business 40 index, which tracks performance and availability of what Keynote considers the 40 most important and well-connected business Web sites in the US.

Data is collected from 25 major US metropolitan areas and various Internet backbone providers.

(Paul Roberts in Boston contributed to the story.)

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.


Show Comments