Hackers who broke into Microsoft's computer network viewed source code for an upcoming product, but haven't stolen or altered any software, says a company spokesman.
"There was one piece of software where the code may have been viewed, but no evidence any code was modified," says Microsoft spokesman Matt Pilla.
The intruders, whom Microsoft believes have had access to its systems for about three months, viewed source code-the secret software blueprints for Microsoft's products. But they didn't access code for the company's most popular products, including Windows 2000, Windows ME, and Office. Pilla declined to say what type of software hackers had accessed. "The situation appears much narrower than originally reported," he added.
Microsoft security employees discovered the break-in Wednesday after they found that internal passwords were being siphoned to an E-mail address in St. Petersburg, Russia. Microsoft called the Federal Bureau of Investigation on Thursday. The agency is investigating the matter.
Microsoft president and CEO Steve Ballmer told reporters Friday in Stockholm, Sweden, where he was giving a speech, that the hackers had viewed source code, but hadn't modified it. The break-in was "not very" damaging, Ballmer said, "but we want to make sure it doesn't get that way, and that's why we called in the FBI."
Security experts say hackers apparently used a well-known worm, or Trojan horse, called QAZ, discovered in China three months ago, but that antivirus software applications should have detected the worm. For IT departments, the lesson may be to stay vigilant at all times. Says Pete Lindstrom, a security analyst at Hurwitz Group, "Here is Microsoft being hacked. If you thought you were safe, you're not."