Reports are circulating the web of a Hotmail crack resulting in the loss of saved e-mails and users' entire contacts list, along with spam being sent out from the affected accounts.
Following a tip-off from Spotibot developer Andy Smith - who has first-hand experience of the phenomenon, having provided support to a family member affected by the crack - evidence of a co-ordinated attack against Hotmail users which aims to take over accounts and use them to send out spam for Chinese-based electronics websites has been uncovered.
The first thing a victim is likely to notice is a sudden loss of all sent e-mails - and possibly all e-mails full stop - along with the deletion of their entire contact list, most likely as a method to stop users easily warning people that the last message sent from the account was from the spammer behind the attack. So far, the attackers do not appear to be changing account passwords - allowing users to log back in and reclaim their accounts.
The messages sent out take the form of an advert offering iPhones at discounted prices from a variety of websites - all clones of each other, and all using 'junk' gibberish domains. The text of the message is usually a variation on "I ordered one black apple iphone 3gs 16gb from this website [redacted] weeks ago,today I've got it .Amazing,beyond my imagination, it's genuine and as good as I expected,but much cheaper.I'm pleased to share this good news with you! May all goes well for you."
Because the e-mail is sent directly from the affected Hotmail account, it can look extremely genuine - even including the signature set on the account. Strangely, however, there is evidence that the e-mails may be sent manually rather than automatically, with at least one report of a user's surname being misspelled in the outgoing e-mail - despite being correctly entered in the account details.
Microsoft's Windows Live Help site has a number of threads from victims of this attack, but so far there has been no official comment from Microsoft on exactly what is going on. However, Windows Live Help representatives are blaming "a certain Malware[, which] avoids well known anti virus technology" and harvests account details for the attacks - rather than a flaw in the Hotmail platform itself. Representative Angelica A claims that "Microsoft is already investigating to fix this," and points users at a document rather worryingly dated April 2009 - suggesting that these attacks have been going on for quite some time.
The good news for anyone caught out by these Hotmail attacks is that it is possible for Microsoft to recover the deleted contacts list by posting the affected e-mail address along with three of the deleted contact e-mail addresses in the company's Contacts & Address Book forum. The e-mails, sadly, appear harder to restore.
Has anyone here been caught out by the Hotmail crackers, or is Microsoft's explanation that the end user - and their poor anti-virus protection - is to blame for these attacks? Do you believe Microsoft's report that a virus is behind the account hijacking, or is the company attempting to hide a bigger flaw in its Hotmail security model? Share your thoughts over in the forums.