Is there a Hotmail hack going around?

Dissociater

So over the weekend I got two e-mails from a friend with just a link in the body. It appeared to be a google link, but instead it just went to a crappy page about buying Viagra and junk like that. So I let her know about it and she changed her hotmail password, deleted her contacts, etc. But today I got another e-mail this time from my wife's e-mail address, same thing.

Is there something going around? Does anyone know anything about this? Or maybe, does anyone know any other websites that I can check out that might have info about something like this?

bowen

The link probably watches what valid email address go to the page and then uses the email address in the "from", being spoofed of course.

I wouldn't rule out a virus or something, but that seems unlikely with hotmail.

Dissociater

bowen wrote: »

The link probably watches what valid email address go to the page and then uses the email address in the "from", being spoofed of course.

I wouldn't rule out a virus or something, but that seems unlikely with hotmail.

I don't think its a virus, since my friend, who sent us the first fake e-mail is running on a Mac, and we're using Windows 7. Is there any way to tell if its a spoof? It looks like its a real address, and it's a mass e-mail being sent to a dozen people, and they're all real addresses (I asked my friend if she knew those other e-mail addresses and they're all people she knows).

MoSiAc

I've been getting a lot of random "check this link" msg's from messenger so I know those things float around pretty often.

bowen

Dissociater wrote: »

bowen wrote: »

The link probably watches what valid email address go to the page and then uses the email address in the "from", being spoofed of course.

I wouldn't rule out a virus or something, but that seems unlikely with hotmail.

I don't think its a virus, since my friend, who sent us the first fake e-mail is running on a Mac, and we're using Windows 7. Is there any way to tell if its a spoof? It looks like its a real address, and it's a mass e-mail being sent to a dozen people, and they're all real addresses (I asked my friend if she knew those other e-mail addresses and they're all people she knows).

Check the headers of the email. Post them here if you can. Not sure how hotmail does it or if hotmail even lets you check that.

Dissociater

bowen wrote: »

Dissociater wrote: »

bowen wrote: »

The link probably watches what valid email address go to the page and then uses the email address in the "from", being spoofed of course.

I wouldn't rule out a virus or something, but that seems unlikely with hotmail.

I don't think its a virus, since my friend, who sent us the first fake e-mail is running on a Mac, and we're using Windows 7. Is there any way to tell if its a spoof? It looks like its a real address, and it's a mass e-mail being sent to a dozen people, and they're all real addresses (I asked my friend if she knew those other e-mail addresses and they're all people she knows).

Check the headers of the email. Post them here if you can. Not sure how hotmail does it or if hotmail even lets you check that.

What information do you need? I got the e-mail in my gmail account, it was only sent from her hotmail account.

It has all the e-mails it was sent to listed, and underneath it:

date Tue, Feb 2, 2010 at 8:50 AM
mailed-by hotmail.com

bowen

1. Log in to Gmail.
2. Open the message you'd like to view headers for.
3. Click the down arrow next to Reply, at the top-right of the message pane.
4. Select Show original.

The full headers will appear in a new window.

=================

It should be most of the stuff at the top of the message.

Dissociater

OK, there's a bunch of stuff there. Some IP numbers, return path, received from, etc. I don't really know what to look for, exactly.

I'd copy and paste, but I don't know about sharing e-mails and ip numbers in a forum.

bowen

Dissociater wrote: »

OK, there's a bunch of stuff there. Some IP numbers, return path, received from, etc. I don't really know what to look for, exactly.

I'd copy and paste, but I don't know about sharing e-mails and ip numbers in a forum.

You should be good. Take out the email address you don't want to share and/or PM it to me and I'll look to see if it was spoofed. Pretty much all of that junk is needed sometimes.

FyreWulff

Willing to bet it was just spoofed from those addresses. Like how it's all the rage these days to look like spam emails are from yourself. Why yes, I sent myself an email about cheap easy Florida loans.

Bionic Monkey

I got the same thing from one of my junk e-mails, that happened to have my regular e-mail in the contacts. I also got several "Postmaster Cannot Deliver" messages about the old and out of date e-mails in the inbox for the supposed culprit e-mail.

I removed all contacts from that e-mail, and changed the password, so hopefully nothing will come of it.

bowen

The originator of said email is based in the UK and OP said he doesn't know of anyone who would be from the UK sending it. Looks as if they're using that old sendmail spoof though. How they got the emails is anybody's guess.

Dissociater

Yeah, that's the part that raised my eyebrows. All the addresses on the send list were people from her contacts. Including an old work e-mail address of my own from 3-4 years ago. So obviously it hasn't been used in a long time, and likely was pulled from her contact list somehow.

I'll be checking for viruses tonight.

Ganluan

Many times they farm e-mail addresses from chain letters or even viruses on a user's machine. I know viruses like Blaster spread by reading a potential "infectee's" address book and making it appear as if the e-mail was coming from someone they knew.

At a previous job we got a lot of angry calls from people who told them our IT support had sent them a virus, when in actuality the virus had just randomly pulled our address from the user's address book.

bowen

Yeah or they hotlink a complicated img script that ties in with the chain mail they sent out and see how many successful reads they get. I've seen this one a lot more frequently lately.