Malware Responsible for New Windows Live Hotmail Hijackings

By spammers advertising an electronics website

  Windows Live Hotmail
Microsoft has warned customers of its free email service of a new wave of hijacks that is targeting Windows Live Hotmail accounts. According to the Redmond company, attackers use hacked Hotmail accounts in order to send spam to all the people in the victims’ contact list. Rob Margel, working in Windows Services and Content team in the UK, revealed that he was informed of the issue internally, but also pointed to an entry published on the Windows Live Solution Center, offering new details about the hacked Windows Live Hotmail accounts.

“Hotmail is seeing instances of accounts being ‘hijacked’ by spammers who send emails out advertising an electronics website. The spam mails usually have subjects like ‘Good shopping good mood’ and may go to your contact list in addition to a random list of emails. Indications that this is happening to you may include you being required to match the characters in the picture (to verify that you're a person and not an automated program) to send mails when you reach your limits,” Margel explained.

According to Microsoft, there are a number of symptoms that can be used to diagnose whether a specific Hotmail account was hacked. The Redmond company revealed that victims of hijackings typically saw deleted contacts and the safe sender's list removed. In addition, the settings of the account are changed with the Deletion of Junk messages set to “Immediately” and the Junk Mail Settings to “Exclusive.”

“The last symptom would prevent messages from being delivered to your Inbox,” Microsoft informed. “Some of the other account settings that might be affected by this issue are your Vacation reply and Signature.”

The software giant explains that spammers that have hacked Hotmail accounts don’t lock the legitimate owners out, but instead share the account with them. In this context, some users might find it very difficult to tell whether a third-party also has access to their account.

“Hotmail believes that this may be due to a virus on a computer that you have used to login to Hotmail at some point in the past. If you login and see in your ‘sent items’ folder mails that you haven't sent, or receive Non Delivery reports (NDRs) in your inbox, we recommend that you scan your computer for viruses and malware using a reliable Antivirus product. Once your computer has been cleaned, immediately change your current password to a ‘strong’ password,” Microsoft advised.

The company has so far failed to reveal which piece of malicious code is in fact responsible for the new hijackings of Windows Live Hotmail accounts.

37 Comments