Hotmail Accounts Getting 'Hijacked,' Microsoft Says

Microsoft pointed to e-mail account "hijacking" as becoming an increasing problem, especially among Windows Live Hotmail users.

In a blog post on Monday, the company warned that some Windows Live Hotmail users have noticed that their accounts have been "hijacked" by spammers. Users can log into hijacked accounts, but they unwillingly share them with a hacker.

According to Microsoft, a hijacked user account would allow a hacker to send e-mails to the user's contacts, which could result in both the user and those contacts unwittingly downloading worms onto a workstation. From there, such malware can spread to the network. 

Windows Live Hotmail, the e-mail service that powers Office Live Small Business, and other services such as Google's Gmail and Yahoo Mail, may be vectors for such attacks.

Security experts say this vector is among the most common client-side entry points for malware. Users are more likely to open and act upon an e-mail out of curiosity and then click on a link. They're also more likely to open an e-mail from someone they know.

The value of stolen or hijacked e-mail accounts has always been huge, according to Paul Henry, security and forensic analyst at Lumension.

"Initially, all you needed was to brute-force the user's password," he said. "Now, when you factor in the automation and organization of today's cyber criminals, seeing mass hijacking of e-mail accounts is simply a regular occurrence."

Randy Abrams, director of technical education at ESET, suggested that users of Microsoft's online services need better security information.

"Where Windows Live was correct in advising to obtain the most recent virus definitions, a nontechnical person at Office Live translated that to 'stay up-to-date on the latest computer viruses going around'," he said. "[But] staying up-to-date on the latest computer viruses doesn't really help. You need to understand the concepts to avoid them. There are too many new threats to keep up with them all."

Symantec's "State of Spam Report" (PDF here), released earlier this month, found that spam accounted for 89 percent of all e-mail messages in July. The spam rate for August was even more dire, according to a recent MX Logic report, which found that up to 94.9 percent of all e-mail messages were spam.

Spam that delivers images and links continues to have an impact, accounting for 17 percent of all spam in July, according to Symantec's report. A new version of "419 spam" has appeared in which "spammers tried to exploit VoIP services," according to Symantec. The company describes 419 spam as a message that alerts users about money they supposedly either inherited or won.

Adam O'Donnell, director of emerging technology at Cloudmark, said spam is growing rapidly and is increasingly targeting free e-mail sites. O'Donnell said password integrity at the user level and strong access control policies at the enterprise level can reduce risks.

"Hijacking [free accounts] is a common occurrence, and it is becoming more frequent as other vectors for sending spam are reduced," he said. "Users need to use strong and unique passwords on every Web account to help stop these kinds of attacks."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.


  • Microsoft and SAP Enhance Partnership with Teams Integration

    Microsoft and SAP this week described continuing partnership efforts on Microsoft Azure, while also planning a Microsoft Teams integration with SAP's enterprise resource planning product and other solutions.

  • Blue Squares Graphic

    Microsoft Previews Azure IoT Edge for Linux on Windows

    Microsoft announced a preview of Azure IoT Edge for Linux on Windows, which lets organizations tap Linux virtual machine processes that also work with Windows- and Azure-based processes and services.

  • How To Automate Tasks in Azure SQL Database

    Knowing how to automate tasks in the cloud will make you a more productive DBA. Here are the key concepts to understand about cloud scripting and a rundown of the best tools for automating code in Azure.

  • Microsoft Open License To End Next Year for Government and Education Groups

    Microsoft's "Open License program" will end on Jan. 1, 2022, and not just for commercial customers, but also for government, education and nonprofit organizations.

comments powered by Disqus