5

A colleague of mine seems to have had their hotmail account hacked - lots of spam is being sent from their account to their contacts, and the spams show up in their Sent folder so they're definitely being sent from that account.

Curiously, though, the hacker has not changed the hotmail password (to lock the original owner out) and also even though the owner has changed their hotmail password several times, the spam emails continue to be sent.

Does this mean that one of the owner's computers has been compromised (so that the hackers get access to the new password after each password change), or is there some hotmail hack that can bypass the password check altogether?

So basically, how can my colleague fix their hotmail?

codeulike
  • 1,200

3 Answers

11

There are several possibilities:

  1. One of your colleague's computers is infected with some sort of keylogger.

  2. One of your colleague's computers is infected with a password sniffer.

  3. One of your colleague's computers is a zombie (part of a botnet) and sends the mails directly (possibly using the hotmail cookie).

Since only the hotmail account seems to be compromised, I'd rule out 1 (credit cards are much more interesting).

MSN Messenger and Internet Explorer are both vulnerable to password sniffing, so if your colleague stores his passwords, 2 is also an option.

Option 3 is different from the other two (and easier to detect), since it implies that the emails are actually sent from one of your colleague's computers.

  • If you look at the time the emails have been sent, you should be able to figure out which computers were turned on at the time.

  • Also, each email sent by hotmail contains an X-Originating-IP header that will help identify the computer it was sent from. Just ask one of the affected contacts for this information.

In any case, the fix is the same:

  1. Identify the infected computer.

  2. Remove the malware (virus scanner, browsing registry keys in safe mode and formatting the hard disk are your basic options).

  3. Change the hotmail password one last time.

Dennis
  • 50,701
1

It all sounds plausible, but I do not think this is what happens.

I think a hacker deliberately targets your EMail address at Hotmail by intercepting an internal message and then pinches your password. I do not know how they do it. But the remedy should be to change your password.

At least I hoped this works because I was hacked and spam sent out on 20 May 2012. The hack may have occurred a couple of weeks earlier.

At first Hotmail blocked my account because somebody was attempting to send out spam. I changed my password and then the account was compromised. This all happened in May after the bug was meant to have been fixed.

In trepidation in case it occurs again. My password for Hotmail was different from other passwords, so it was not obtained elsewhere. No malware or viruses were found on my computer.

0

It could be that the hacker is joe jobbing, which means that they haven't really hacked your colleague's account, but that they are sending emails out pretending to be him/her by forging the "from" addresses and email headers.

To find out, you're going to need to compare the headers from a valid email from your colleague against one of the spam messages. If they are radically different, then the good news is that I would be right.

However if I am right, then the bad news is that they are going to have problems preventing the spammer from doing this. Complaining to the upstream provider might work, but it could easily fall on deaf ears.

Richard
  • 6,420
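
The header checks suggested in the answers above (reading X-Originating-IP, and comparing a spam message's headers against a known-good message) can be scripted. This is an added example, not code from any of the posters; the sample messages, host names and the `classify` labels are constructed for illustration, and comparing only the last two labels of the relay host is a simplifying assumption.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample headers (not real mail). Hosts use example domains and
# IPs come from the documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24).
KNOWN_GOOD = (
    "Received: from mail-out.webmail.example (192.0.2.10) by mx.contact.example;"
    " Mon, 21 May 2012 09:00:00 +0000\n"
    "X-Originating-IP: [198.51.100.23]\n"
    "From: colleague@webmail.example\n"
    "Subject: Lunch?\n\nhi\n")
SPAM_VIA_ACCOUNT = (KNOWN_GOOD.replace("198.51.100.23", "198.51.100.77")
                    .replace("Lunch?", "Cheap pills"))
SPAM_FORGED = (
    "Received: from unknown-host.isp.example (203.0.113.5) by mx.contact.example;"
    " Mon, 21 May 2012 03:12:00 +0000\n"
    "From: colleague@webmail.example\n"
    "Subject: Cheap pills\n\nbuy\n")

def origin_ip(msg):
    """IP from X-Originating-IP (written as [a.b.c.d]), or None if absent/invalid."""
    raw = (msg.get("X-Originating-IP") or "").strip().strip("[]")
    try:
        return ip_address(raw)
    except ValueError:
        return None

def relay_domain(msg):
    """Last two labels of the host in the earliest Received header (the last listed)."""
    hops = msg.get_all("Received") or []
    m = re.match(r"\s*from\s+(\S+)", hops[-1]) if hops else None
    return ".".join(m.group(1).lower().split(".")[-2:]) if m else None

def classify(known_good_raw, suspect_raw):
    """Compare a suspect message's headers with a known-good one from the same account."""
    good = message_from_string(known_good_raw)
    bad = message_from_string(suspect_raw)
    if relay_domain(bad) != relay_domain(good) or origin_ip(bad) is None:
        return "forged-sender"            # did not pass through the provider's servers
    if origin_ip(bad) == origin_ip(good):
        return "sent-from-known-machine"  # same client IP as the legitimate mail
    return "sent-from-other-ip"           # via the account, from a different client

if __name__ == "__main__":
    for name, raw in (("via account", SPAM_VIA_ACCOUNT), ("forged", SPAM_FORGED)):
        print(name, "->", classify(KNOWN_GOOD, raw))
```

Received lines added before the message reached the recipient's own mail server are supplied by the sender's side and can be forged, so treat the result as a lead to confirm against the hop recorded by the recipient's server.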