Sunday, November 13, 2011

Hotmail Hacked

Avoid any suspicious emails from my Hotmail account.

I've talked about this before but the consensus was it was merely spoofing and was not directly tapping into my computer.

This time, others in my address book are getting spam purporting to be from me and failed delivery notices come back to me.

I did a full scan on McAfee and also Malwarebytes and it showed clean, and both of those are up to date, so I'm assuming it's a Hotmail issue...especially as it's not taking over address books from my LiveMail, Yahoo and GMail accounts.

The message:
Hey there!
despite the circumstances I stayed positive this came at perfect timing for me this showed that money is power I just had to share it with you
http://www.amdclub.ru/go.php?cadyq&29qaq=twitter.com&29muvi=mail.com&url=business7days.ru/profile/
bye

If you get it, don't click on the link.

Well, looks like what I'll be doing today has been determined for me.

Changed password. Further suggestions appreciated.

10 comments:

MamaLiberty said...

Look at gmail if you really want a web based email. And I would seriously suggest you consider getting rid of Microsoft altogether. It is a virus nightmare that is almost impossible to shield. Linux systems are pretty much immune to all the virus and malware crap.

Linux is now completely user friendly. If this old lady could do a complete install and run it on her own, anyone who can walk and chew gum can do the same. :)

Let me know if I can help. I'm no geek, but I have translated a lot from geek to English. LOL

Longbow said...

I did the same when I noticed spamming in the hotmail account and friends were telling me I was spamming them. I ran two different anti-virus programs on my machine and got nothing. A changed password fixed it. You probably will want to do that once a year or more often.

Be well and God bless,

LB

DesertRat said...

Get the full headers of the messages and post one here or e-mail it to someone who can make sense of them. It may be a spoof again, but there's no way to be sure without that information.

David Codrea said...

The only thing that makes sense to me: Had to take my Mom on Thursday to Summa for tests and used their wifi and accessed Hotmail on my laptop from there. My guess is the info on their network was not secure--looked at headers and don't really see anything damning--would prefer to not post as they contain edresses from my book--please let me know if anyone gets one of these suspicious emails after 9:00 a.m. today--hopefully the pw change will do it as virus and malware scans come up negative.

danno said...

They may have just caught your password. Happened to my SIL too. Changing her password solved the problem.

TinCan Assassin said...

Contact Borepatch through the edress on his blog, he specializes in Internet Security.

Anonymous said...

Anyone can spoof any From: header they want.

Chances are it's a non-issue.

Are the alleged outbound messages in your Hotmail sent folder? That would be bad.

Look at the Received: headers of the offending messages that have been received. Do they originate from Hotmail (probably not).

If hotmail has done things right, you can use it over insecure networks (such as hospital WiFi) without fear as long as you connect to valued sites (like hotmail) using https, and as long as hotmail doesn't drop you back to http and transmit an auth cookie in the clear (ala firesheep).

swiontek3625 said...

Your machine is clean. Your password and contacts were captured by a spambot. Changing your password will end the spam from your account. However, if any of the people who got the email, clicked on the link, then their email accounts are compromised and they should change their passwords also.

UncleMike's1897 said...

Same thing happened to me two weeks ago. I used a very strong (non-word based) password on my Hotmail account and, like you, had spam messages sent to everyone on my contacts list. As expected, a system scan for baddies turned up negative. This leaves me wondering if there is some sort of vulnerability being exploited for access to Hotmail accounts. In any case I changed my password but ended up abandoning the account to be safe in the future.

Mark Matis said...

Does your malware protection detect FedGov toys, such as the software that our German friends have been caught using on THEIR Mere Citizens:
http://www.dailytech.com/German+Govt+Admits+to+Using+Possibly+Illegal+Trojan+to+Spy+on+Citizens/article22991.htm
You HAVE been a PITA to FedPig. And they don't NEED no steenkin' warrants. If you're running Microsoft products on your computer, you should expect that there are backdoors that FedGov can access. Or do you REALLY think that the DOJ rolled over after they had won the Microsoft antitrust case and the judge had proposed the "Ma Bell" solution of breaking up Microsoft (note that is STILL the proudest accomplishment of the DOJ) without getting SOMETHING important in return?