MS Can't Be Found?!

Printable View

July 28th, 2004, 11:12 PM
AngelicKnight

MS Can't Be Found?!

Has MS finally been hit?

I can't get to www.microsoft.com. Check out the screenshot...
July 28th, 2004, 11:13 PM
MrLinus

I got to them no problem. Perhaps it's you? Have you checked for the standard virus/spyware stuff?
July 28th, 2004, 11:15 PM
AngelicKnight

Yeah, I should be spyware-free, and www.microsoft.com is the only website doing that, I can go anywhere else. This is from Firefox, so I tried IE, and it took me to the usual "We can't find www.microsoft.com" search page. Hmm...
July 28th, 2004, 11:18 PM
dstevens1958

Actually, when you click the link in AngelicKnight's post, look at the address in the address bar. http://www.microsoft.com./

Notice the period after the .com, isn't this like their test server? I though I read about something like that for hotmail, you added a dot after the .com and it would get the test server. I dunno, maybe it doesn't even make any difference?

Either that or they are just using their nice stable operating systems on their servers again... ;) lol. it could also be spyware like already mentioned. I can load it just fine. (Both IE and Firefox)

Dave
July 28th, 2004, 11:20 PM
AngelicKnight

I'm getting the same result without the period though. Well at least it wasn't a stupid typo on my part this time...www.microsoft.com is giving me the same result.
July 28th, 2004, 11:27 PM
RejectKnowledge

Got there fine.
Through firefox too.
July 28th, 2004, 11:34 PM
RoadClosed

no prob here. Try the ip to see if you have any DNS issue.
In this instance www.microsoft.com redirects to www.microsoft.com.nsatc.net [207.46.156.156]

Also hit f5 after it times out to clear cache
July 29th, 2004, 06:20 AM
xierox

Only if you're running XP, I think: XP caches DNS lookup results for a while so as to not have to query the server for the IP every time. I believe successful query results are cached for 24 hours and unsuccessful results are cached for only 5 minutes. You may as well try this, though, can't really hurt anything. Go to Start -> Run -> type in 'cmd' (no quotes). It's going to open the Command Prompt. Type 'ipconfig /flushdns' -> Press Enter or Return. Basically it clears all cached IPs the computer received in its DNS queries. Try it out. I don't know whether or not this will work on any other OS than XP. Best of luck!

Regards,
Xierox
July 29th, 2004, 06:43 AM
Terr

Now, I could be wrong, but in the abstract DNS specifications, isn't the trailing last-most-dot actually just mean the unnamed absolute root domain which contains com,net,etc? It's not an FQDM, it's an Over Qualified Domain Name.

The OQDN just happens to always be the same as the FQDN in the end.

Make sure no microsoft entry exists in any of these files which may exist:
c:\windows\hosts
c:\windows\system32\drivers\etc\hosts
C:\windows\system32\drivers\etc\hosts
(One per 9x, XP, 2k, if none of the files exist, don't worry.)

Try 'ping www.microsoft.com' in a command line, note the IP address (if exists) if you don't get one mentioned or it doesn't match what some online tools say then it may just be your ISP. Your pings might not return, but it doesn't matter since it's just a quick-n-dirty way of seeing the IP.
July 29th, 2004, 12:13 PM
er0k

my question is (sarcasm) why would you want to go to microsoft.com anyway? You'd think it would be a good thing for it to be off the web ;)
July 29th, 2004, 02:28 PM
AngelicKnight

Well, just got in the office this morning, and I can get there fine. Go fig.
July 29th, 2004, 02:39 PM
whatthe

Maybe a MyDoom side effect?

http://www.enterpriseitplanet.com/se...le.php/3387511
July 29th, 2004, 02:49 PM
AngelicKnight

That's what I suspected. When Google was hit, someone started a thread with an almost identical question to mine. He couldn't reach Google, but everyone else at the time could. We found out later that MyDoom was using Google to search out e-mail addresses.

//edit -- Bingo.

Quote:

Once Zindos has infected a machine it causes the machine to request the http://www.microsoft.com/ domain in an infinite loop, with 50ms delays. This behaviour could help to explain the difficulties some Reg experienced visiting the software giant's website earlier this week.

SOURCE
July 29th, 2004, 06:39 PM
deftones12

Well mydoom.b modified some hosts files, and didnt allow you to get to some sites. Its not cuz mydoom would try and dos them but because it was blocking you from goin there in the hosts file. Well i guess you can get there now but maybe you had mydoom.b and you just got rid of it? check it out.
July 29th, 2004, 06:54 PM
AngelicKnight

Well, AV's updated and hasn't warned me of any MyDoom attacks...hmm...
July 29th, 2004, 07:47 PM
djscribble

it is possible that it could be a new variant... i know here we had more problems with the gaobot variants than we had combined blaster/sasser
July 30th, 2004, 12:37 AM
deftones12

taken from http://www.us-cert.gov/cas/techalerts/TA04-028A.html

Quote:

The virus overwrites the hosts file (%windir%\system32\drivers\etc\hosts on Windows NT/2000/XP, %windir%\hosts on Windows 95/98/ME) to prevent DNS resolution for a number of sites, including several antivirus vendors
127.0.0.1 localhost localhost.localdomain local lo
0.0.0.0 0.0.0.0
0.0.0.0 engine.awaps.net awaps.net www.awaps.net ad.doubleclick.net
0.0.0.0 spd.atdmt.com atdmt.com click.atdmt.com clicks.atdmt.com
0.0.0.0 media.fastclick.net fastclick.net www.fastclick.net ad.fastclick.net
0.0.0.0 ads.fastclick.net banner.fastclick.net banners.fastclick.net
0.0.0.0 www.sophos.com sophos.com ftp.sophos.com f-secure.com www.f-secure.com
0.0.0.0 ftp.f-secure.com securityresponse.symantec.com
0.0.0.0 www.symantec.com symantec.com service1.symantec.com
0.0.0.0 liveupdate.symantec.com update.symantec.com updates.symantec.com
0.0.0.0 support.microsoft.com downloads.microsoft.com
0.0.0.0 download.microsoft.com windowsupdate.microsoft.com
0.0.0.0 office.microsoft.com msdn.microsoft.com go.microsoft.com
0.0.0.0 nai.com www.nai.com vil.nai.com secure.nai.com www.networkassociates.com
0.0.0.0 networkassociates.com avp.ru www.avp.ru www.kaspersky.ru
0.0.0.0 www.viruslist.ru viruslist.ru avp.ch www.avp.ch www.avp.com
0.0.0.0 avp.com us.mcafee.com mcafee.com www.mcafee.com dispatch.mcafee.com
0.0.0.0 download.mcafee.com mast.mcafee.com www.trendmicro.com
0.0.0.0 www3.ca.com ca.com www.ca.com www.my-etrust.com
0.0.0.0 my-etrust.com ar.atwola.com phx.corporate-ir.net
0.0.0.0 www.microsoft.com.

i dont think it did it in any other variants of mydoom so i think its definitely a possibility that you coulda had that. Could of maybe been a dns issue with your ISP or one of your servers at work too?
July 30th, 2004, 02:20 PM
kryptonic

It works fine for me.
July 30th, 2004, 02:27 PM
pooh sun tzu

Quote:

why would you want to go to microsoft.com anyway? You'd think it would be a good thing for it to be off the web

Because having it up and running means people can:

1. Download updates for one of the most used OSes in the world
2. Seek help and support from their documentation section
3. Order the free security CD updates
4. Beta testers report bug information back to MS regarding future security patches

Having microsoft.com online and working means a lot more people can patch their OS, and that means less zombine infections. Never underestimate the power one site alone can have, regardless of who owns it.