
Whois search provides no clues to Microsoft outage

A practical joke misled many amateur investigators into prematurely believing that Microsoft's massive Web outage was the result of an attack.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos covers viruses, worms and other security threats.
A practical joke misled many amateur investigators this week into prematurely believing that Microsoft's massive Web outage was the result of an attack.

A technical glitch caused many of Microsoft's major Web sites to disappear from the Web late Tuesday and for most of Wednesday, sending hordes of amateur investigators to the Internet in an attempt to ascertain what happened. One common, though fallible, tool is a simple Whois search.

A search for "Microsoft.com" using any of several of the Whois servers, which list information on each domain name on the Internet, returned 23 other domain names as well, such as: MICROSOFT.COM.SHOULD.GIVE.UP.BECAUSE.LINUXISGOD.COM and MICROSOFT.COM.IS.SECRETLY.RUN.BY.ILLUMINATI.TERRORISTS.NET.

Many people thought this indicated a hack. In reality, the bogus domain names are the work of people taking advantage of the way many Whois servers work.

Most Whois servers return every domain name that contains the text of the search term. For example, if a person searches for "Microsoft.com," every domain name that contains the string "Microsoft.com" will be listed. That includes not only Microsoft's home domain name but also names such as those above.

As a result, such a search will return this domain name: MICROSOFT.COM.SHOULD.GIVE.UP.BECAUSE.LINUXISGOD.COM. But this is not a Microsoft domain name--it belongs to the LinuxIsGod.com domain.
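The distinction described above, as an added example that is not part of the original article: a text match returns the look-alike names, while reading each name from the right shows which domain it actually sits under. The record list is constructed, the function names are hypothetical, and the code assumes single-label suffixes such as .com and .net.

```python
# Constructed sample records (not real Whois output).
RECORDS = [
    "MICROSOFT.COM",
    "MICROSOFT.COM.SHOULD.GIVE.UP.BECAUSE.LINUXISGOD.COM",
    "MICROSOFT.COM.IS.SECRETLY.RUN.BY.ILLUMINATI.TERRORISTS.NET",
    "EXAMPLE.COM",
]


def whois_text_match(term, records):
    """Mimic the matching the article describes: every name containing the text."""
    needle = term.upper()
    return [name for name in records if needle in name.upper()]


def registered_domain(name):
    """Return the domain a name belongs to, read from the right-hand side.

    Assumption: the suffix is a single label (.com, .net), so the last two
    labels identify the registered domain. Production code should consult
    the Public Suffix List instead of counting labels.
    """
    labels = name.rstrip(".").lower().split(".")
    if len(labels) < 2 or "" in labels:
        raise ValueError(f"not a fully qualified domain name: {name!r}")
    return ".".join(labels[-2:])


def classify(term, records):
    """Map each text match to (owning domain, whether it is the searched domain)."""
    wanted = registered_domain(term)
    result = {}
    for name in whois_text_match(term, records):
        owner = registered_domain(name)
        result[name] = (owner, owner == wanted)
    return result


if __name__ == "__main__":
    for name, (owner, same) in classify("Microsoft.com", RECORDS).items():
        verdict = "searched domain" if same else "look-alike"
        print(f"{name}\n    under {owner} ({verdict})")
```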

In addition to the Whois red herring, amateur sleuths speculated that Microsoft was attacked as a result of a battle between the administrators of the company's online role-playing game, Asheron's Call, and some game-playing hackers.

"Late Monday night, a bug was discovered that allowed players to intentionally crash the server their characters were on," the Asheron's Call team said in a letter to players Tuesday, the day the Microsoft sites first went down. "The players who were discovered repeatedly abusing this bug to bring down the servers are being removed from the game."

Many rumormongers speculated that the booted players were attacking Microsoft in retribution.

In reality, Microsoft said its own technicians were responsible for the nearly 24-hour outage. On Thursday, many of the company's Web sites were once again inaccessible--this time the work of attackers.