One of my colleagues told me to look at www.microsoft.ie. I did and I took a screen shot:
That, on the face of it, would look like Microsoft were hacked and someone had defaced the Irish site. I checked the genuine MS Ireland URL and it was OK. A quick lookup on DNSTools and I found this:
% Information related to ‘80.93.17.0 – 80.93.17.255’
inetnum: 80.93.17.0 – 80.93.17.255
netname: nov-sh
descr: Novara Shared Hosting
country: IE
admin-c: nov23-ripe
tech-c: nov23-ripe
status: ASSIGNED PA
mnt-by: mnt-novara32
mnt-lower: mnt-novara32
mnt-routes: mnt-novara32
source: RIPE # Filtered
person: Eoin Costello
address: 3, North Earl Street Dublin 1, Ireland
phone: +35318583091
nic-hdl: nov23-ripe
source: RIPE # Filtered
% Information related to ‘80.93.16.0/20AS31122’
route: 80.93.16.0/20
descr: Novara Route Object
origin: AS31122
mnt-by: DIGIWEB-MNT
source: RIPE # Filtered
Novara was acquired by Digiweb a while ago. It looks like someone set up a DNS record to point to a site hosted on their shared service web servers. Ouch!
EDIT:
This looks like a DNS hack was perpetrated on Digiweb. I cannot say for definite but that’s what it smells like to me. It looks like stuff that was 100% outside of MS’s control.
EDIT #2:
And for the twits wearing tinfoil hats: No, the Microsoft Ireland site was not actually defaced. The .ie DNS record just redirects to the Ireland subpages of corporate. That record (it looks as if it was Novara hosted but I could be wrong) was altered and a fake page on a Novara/Digiweb server was set up.