The attack against Hotmail results in outgoing spam and the loss of all contacts and most sent e-mail.
Reports are circulating the web of a Hotmail crack resulting in the loss of saved e-mails and users' entire contacts list, along with spam being sent out from the affected accounts.
Following a tip-off from Spotibot developer Andy Smith - who has first-hand experience of the phenomenon, having provided support to a family member affected by the crack - evidence of a co-ordinated attack against Hotmail users which aims to take over accounts and use them to send out spam for Chinese-based electronics websites has been uncovered.
The first thing a victim is likely to notice is a sudden loss of all sent e-mails - and possibly all e-mails full stop - along with the deletion of their entire contact list, most likely as a method to stop users easily warning people that the last message sent from the account was from the spammer behind the attack. So far, the attackers do not appear to be changing account passwords - allowing users to log back in and reclaim their accounts.
The messages sent out take the form of an advert offering iPhones at discounted prices from a variety of websites - all clones of each other, and all using 'junk' gibberish domains. The text of the message is usually a variation on "I ordered one black apple iphone 3gs 16gb from this website [redacted] weeks ago,today I've got it .Amazing,beyond my imagination, it's genuine and as good as I expected,but much cheaper.I'm pleased to share this good news with you! May all goes well for you."
Because the e-mail is sent directly from the affected Hotmail account, it can look extremely genuine - even including the signature set on the account. Strangely, however, there is evidence that the e-mails may be sent manually rather than automatically, with at least one report of a user's surname being misspelled in the outgoing e-mail - despite being correctly entered in the account details.
Microsoft's Windows Live Help site has a number of threads from victims of this attack, but so far there has been no official comment from Microsoft on exactly what is going on. However, Windows Live Help representatives are blaming "a certain Malware[, which] avoids well known anti virus technology" and harvests account details for the attacks - rather than a flaw in the Hotmail platform itself. Representative Angelica A claims that "Microsoft is already investigating to fix this," and points users at a document rather worryingly dated April 2009 - suggesting that these attacks have been going on for quite some time.
The good news for anyone caught out by these Hotmail attacks is that it is possible for Microsoft to recover the deleted contacts list by posting the affected e-mail address along with three of the deleted contact e-mail addresses in the company's Contacts & Address Book forum. The e-mails, sadly, appear harder to restore.
Has anyone here been caught out by the Hotmail crackers, or is Microsoft's explanation that the end user - and their poor anti-virus protection - is to blame for these attacks? Do you believe Microsoft's report that a virus is behind the account hijacking, or is the company attempting to hide a bigger flaw in its Hotmail security model? Share your thoughts over in the forums.
20 Comments
most ppl use it to get into live messenger. then use gmail or wutever for their "real" emails.
Probably if you don't register to funky porn sites that won't happen...
GMail works fine. You can use it in live. I use my old ISP's email account for live tho.
I've always found GMail far and away the best free webmail service (despite the snooping and ads)
Instantly deleted.
Hotmail is okay so long as you set custom spam filter rules, use a serious alpha numeric password and change the secret question to something that can't be answered by someone who's read your Facebook profile.
Luckily didn't get my contacts & emails fudged, but that might have been due to fixing the infection within 15 mins.
Haven't had any problems since.
Hotmail for personal contacts
Yahoo for crap (like hey i want to download this patch, or try this new mp3 player and i need to register, ok, take my yahoo account :P) Oh, and Pr0n ofc :D
I use hotmail and have no problems really, I'm on my second account because the other was filled with litter and registered to a bunch of things that let spam and ads pass by the filters. Set up another account, no ads or other kind of spam. Gmail isn't so interesting, the GUI isn't that appealing. Nevertheless, both are good email providers.
well for facebook mine is blank no one will realise it's me because it has a different name to here and email
for the spam thing if you use something like google you can create spam account easily for example my email could be
john@btinternet.com
and the spam account could be 123456@yahoo.co.uk
and as a reset question why not do something like "what is your hobby" answer papercraft (no one will guess that and don't try it on my email if you ever find it out i haven't set one)
This!
I only ever get spam in my gmail spam folder, never inbox. My hotmail is set only to receive emails from known contacts, the rest in spam.
Also I am not retarded enough to click on crap.
What else would I use? I use MSN messenger, not AIM/Yahoo. And I have had this same account for the last 7 years of my life. It'd be more of a pain to change my e-mail than it would be to restore the contacts in my cellphone.
I can check it anywhere and I don't get nearly as much spam as I did when I tried Gmail.
*shrug* Each their own I'm sure, but Hotmail works for me.
Was anyone reminded of those dumb chain emails when they first read this article? Kinda ironic if you ask me.
Same here.
hotmail = friends/hotmail
gmail 1 = junk
gmail 2 = back up for uni/job related stuff
yahoo = yahoo answers and messenger
yahoo gets hit with so much spam it's scary. all in junk folder tho. hotmail gets the least but it lets the most through into the inbox. gmail is by far the best for spam.
In all honesty who cares what one you use? You click compose, enter address, type title and message then click send. does it matter if your address is @hotmail or @yahoo or @gmail?
Hotmail filters out a serious amount of spam, their filters seem to be quite good ;-)
Hotmail is great at filtering spam, as is Gmail. I still use my Hotmail, but as a secondary account for online stores etc. Gmail is my primary, I switched because windows mobile started to force me to use the web interface instead of integrating it into outlook. Now I use an Android phone and it is pretty damn perfect.