The attack was directed at the news section of the MSN Korea Web site, said Adam Sohn, a company spokesman. Microsoft was alerted Tuesday morning that the site had been compromised and took the site offline for a few hours to fix the problem, he said.
Microsoft has received no reports of users falling victim to the attack. The Redmond, Wash.-based software maker is still investigating the issue and has called in law enforcement to investigate and take action against those responsible, Sohn said.
Early investigation has shown that the attackers placed an additional frame on the Web site, a so-called iFrame, Sohn said. These frames could be used in malicious attacks that take advantage of a flaw in Internet Explorer, which Microsoft.
The IE Elements flaw, also known as the, could allow an attacker to take control of a victim's PC. Microsoft's Windows XP Service Pack 2 security update, or , is not vulnerable to the flaw.
Microsoft is confident that its other MSN Web sites are not vulnerable to the same type of attack. The Korean site, unlike the U.S. and most other international MSN sites, was not hosted by Microsoft, but by a Microsoft partner, Sohn said. "There may have been unpatched servers," he said, which could explain the break-in.
In Microsoft's own data centers, the company makes sure its servers are patched and in physically secure locations, Sohn said.
Broadband and mobile Internet usage is popular in. The market is important to Microsoft's MSN group, which has trialed new services in the country.