Microsoft Corp.'s main Web site was unreachable for almost two hours on Friday as the Web server it is hosted on failed following a DOS (denial of service) attack, according to the company.
"I can confirm a DOS attack on the Microsoft.com Web site. It started at 1.21 p.m. Pacific time and lasted for roughly one hour and forty minutes," a Microsoft spokesman said. "We have reported this to the appropriate federal law enforcement authorities and they are investigating this particular attack."
The denial of service was caused by "a malicious load of site requests," the spokesman said, but Microsoft has not yet determined where the attack originated or who could be behind it. However, the company has determined that its site did not go down as a result of a software flaw, nor was a flaw in any Microsoft product involved in staging the attack, the spokesman said. "This is not a Microsoft software issue," he said.
The attack hit only the Microsoft.com Web site, other Microsoft Web properties such as MSN, Hotmail and MSNBC were not affected, the spokesman said.
Microsoft's Web site is one of the most popular targets for attack on the Web and has suffered outages in the past. The company's site has also been attacked by exploiting unpatched software holes in Microsoft's own server software.
Microsoft did quite well fielding this attack, as sites typically go down for a longer period of time, according to Eric Siegel, principal Internet analyst at Web performance management services firm Keynote Systems Inc. in San Mateo, California.
"Usually DOS attacks are more catastrophic. Microsoft's performance in this attack was quite good," he said. "Microsoft has gotten better at fending off DOS attacks. I can see that the Microsoft systems were trying to recover. They were fighting. A couple of years ago these attacks were longer and the system would collapse completely."
Microsoft.com is part of Keynote's Business 40 index, which tracks performance and availability of what Keynote considers to be the 40 most important and well-connected business Web sites in the U.S. Data is collected from 25 major U.S. metropolitan areas and various Internet backbone providers.