Toggle navigation

Hotmail sending spam?

March 16, 2010

Over the past few months Hotmail users have been made aware of  hijacking of user accounts on the free Microsoft email service. Once access is obtained, still by unknown means, the hijackers send spam to the whole address book of the victim. There have also been reports of emails or contacts being deleted, and emails being sent to unknown address or other spam lists.

Microsoft seems to think that there is a phishing attack getting the user credentials or this is the work of a virus/worm. My guess is that it is a full on assault on Hotmail using both methods. Just today I received an email from a known contact with this in the body:

Hello,
So amazing!I ordered one black apple iphone 3gs 32gb from this website [link removed] www.savyou.com one weeks ago,today I’ve got it .Far from my  imagination, it’s genuine and as good as I expected,but much cheaper.I can’t help sharing this good news with you! May all goes well for you.Cheers!
Jay

An interesting part to this email is that this is a standard closing that this person uses, perhaps in a signature file. At the end of the day this becomes a nightmare to email system administrators. This is a significant amount of spam coming from a previously trusted source. I have not tested out the link that I removed above but I am guessing that if I visit that site there will be a drive by download of a virus or trojan.

My preferred free web based email  service is Gmail, it may be time for every loyal Hotmail user to consider switching.

7 Responses to Hotmail sending spam?

  1. UPSET WITH SPAM 2 says:

    hELLO, I TO HAVE BEEN HAVING AN ISSUE WITH HOTMAIL, AFTER 13 YEARS OF MY ACCOUNT, THE PAST HREE MONTHS SPAM HAS BEEN SENT AND SOTRED IN MY EMAIL ACCOUNT. tO THE POINT WHERE I CAN NOT ACCESS MY NORAML EMAILS, COMMUNICATE WITH PEOPLE, NOT TO MENTION THEY ARE GETTING SPAMMED WITH CRAP ON MY BEHALF. I HAVE CHANGED MY PROPERTIES, ADJUSTED MY JUNK MAIL FOLDER AND DELETED AND REDELETED MY INBOX AND SENT FILE (SENT FILE IS FULL ONCE A DAY) IT IS VERY FRUSTRATING AND UNFORTUANTE THAT WE (USERS) BECAUSE OF DUMBA$$ HIJACKERS WE HAVE TO START ALL OVER!
    KARMA……..

  2. Trying to figure it out says:

    Found an unknown person in my list of contacts, and recognized the profile picture from a Facebook ‘person’ that I clicked on. I believe that I clicked the person’s profile picture, and in order to view the person’s pictures, one had to accept the posting person as a contact. Apparently after accepting the person as a contact, there was a script (non-viral) somehow adding the person to my Hotmail account as a contact, then they were able to pull my contacts from Hotmail, and send spam from their email account with my address as the sender. I have of course removed the contact from my Facebook and Hotmail accounts, but once they have my contacts and email address… Using this method, the attacker can continue to send email to the contacts, and with my address as the sender, even if I close the account. Only action would be to send an email to all of my contacts informing them to block my email address, and then open a new account. I would rather wait it out to see if it stops.

  3. Dan Farris says:

    Normally, I just delete mail I don’t recognize and I have had very little annoying emails. I began receiving this span yo uspeak of plus “delivery failure” messages since I clicked on a link to remove me from a mailing list.

  4. I had my hotmail for the entire 13 years hubby and i met and married

    I had photos, tax info and everything in my hotmail– i am not donald trump and have nothing for anyone to hack!!

    i am using other email now but i hate that i lost my photos

  5. Cat's Staff says:

    Make sure you are not using the same password in multiple places!!!! (I usually don’t use that many exclamation marks in one day). It’s not very likely Hotmail was hacked (although possible). It’s likely some minor insignificant site that is run by one or a couple people who have less time to be concerned with security was hacked. If you were using your Hotmail email as the login and the same password, that’s how they got access to your Hotmail account…no Hotmail hacking required. The other possibility is phishing (make sure you can see the address bar on your browser and look each time you enter something important like your important passwords).

    The suggestion I give everyone is to download something like KeePass. Windows users should use the ‘classic’ version 1 KeePass because it’s more compatible with other platforms. Mac/Linux users search for KeePassX. Have one strong, memorable password for your KeePass file, and use it to make strong, unmemorable ones for sites you visit, especially ones you don’t visit often. KeePass can generate a good 16 character password of random characters like cha3RugaNu3paPha and you can keep it stored in there. Use your easier to remember password to get into KeePass and copy it out and paste it into the password box on the webpage. If that site gets hacked and the hacker get all the logins and passwords, they only get the password you used on that site. Regularly copy your KeePass file (ends in .kdb) to a flash drive and stick it in your car in case of a house fire. The kdb file is encrypted, so you don’t need to worry about someone finding it.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>