Microsoft hack may increase virus attacks

Experts said that the breach of Microsoft's internal network could trigger a wave of increasingly powerful virus and network attacks if software source code, the blueprint of any program, had been accessed by hackers.

On Friday afternoon Microsoft said it still didn't know exactly when the hackers penetrated its network, despite discovering the breach two days ago. It insists, however, that users have no need to worry about their own software and dismissed press reports that source code had been exposed as "speculation".

Microsoft, which has called in the FBI to investigate the breach, moved to reassure users that "the software on their machines is not in danger, we are confident of the integrity of our source code."

However, experts said they had doubts about this and pointed out that it could be months before the long-term consequences of the breach become clear. They said that if hackers obtained source code they could use it against business in two ways, although they are described as possibilities rather than probabilities.

Firstly, the hackers could insert their own code into software, which could be exploited after it has been released and deployed across business networks.

Secondly, the thieves could post the code to hacker communities, which would inevitably lead to better-informed attacks on networks, probably in the form of viruses like the Love Bug that tied many corporate email networks in knots this summer and cost business billions worldwide.

"It depends on how long they had access to the code, if at all," said Sal Viveros, a director of antivirus firm Network Associates.

"Access to these back doors could still be blocked by a properly configured firewall and antivirus software, as users would still have to gain passwords inside each network before they could go through them."

Meanwhile, commentators have said it is unlikely that the hackers would be caught, something Viveros agrees with.

"The FBI has a lot of tools at its disposal, but we've worked with them in the past on virus-writer cases and while there's a good chance they'll narrow it down, in our experience such cases are very difficult to prove. Also, hackers clever enough to inflict this kind of attack are likely to have covered their tracks effectively."