Spam Sent From My Hotmail

[ClaytonSeymour]

I currently have two hotmail accounts, when I opened one of them up this evening, I noticed severaly delivery failure notice messages. On opening them up I quickly realised that a spam email had been sent from my account to my contacts. The contents of the email are as follows:

Dear friend, Happy New Year 2009! I guesss that you need to purchase some fashionable electronic products for your family or business, so i'd like to recommed you pay a visit to www. sovcy.com I have bought some products such as HDTV and laptop from them, and the price is amazing.According to their professional service attitude and efficiency,only spending 3-5 days you can enjoy your favorite ordering products, I strongly recommend this sincerety company to you, their website is www. sovcy.com, i promise you will get satisfactory replity! Hope to your good news and happy new year! Yours sincerely

I suspect this problem originates from using my laptop in Thailand, or Hong Kong (apparently, sovyc is the Taibo export company based in Shenzhen). I also logged onto my hotmail at an internet shop in Buriram.

I had to dash out to work, so I didn't have time to run a virus scan on either my desktop (last scan six days ago), or laptop (ran a full scan only yesterday).

I've run a few google searches with various strings of the text of the message to no avail.

I'll run full virus scans when I get home, in the meantime, has anyone else encountered this? I guess it's either a worm & or someone has got hold of my hotmail password (I've now changed my password).

[OxfordWill]

not actually sent from you. spoofed "spoofing" is the term to google.

nothing to worry about, nothing you can do to help/stop it

[katana]

not actually sent from you. spoofed "spoofing" is the term to google.

nothing to worry about, nothing you can do to help/stop it

How did the spoofer get his contacts though?

[OxfordWill]

good point I overlooked.. I wonder if all contacts really received or just some.. such as just the @hotmail contacts. that would be explained by spoofing (where they not only spoof from but spam to a dictionary of potential email addresses, many of which wont exist).

If all his contacts did receive (and only his contacts, no other unknown returned addresses), next bet is through a service which he gave his hotmail username and password too such as a social network..

Spammers usually wouldnt bother to phish hotmail, the return not worth the effort of phishing the login just to spam for a shop.

Edited January 17, 2009 by OxfordWill

[IMA_FARANG]

not actually sent from you. spoofed "spoofing" is the term to google.

nothing to worry about, nothing you can do to help/stop it

Not completely true. If it doesn't occur again after the password is changed, it might just be that somehow he/she got your password.

Otherwise you may have a backdoor worm installed in your computer/laptop when you logged in from the public access internet point. This would allow the hacker to access your computer through a backdoor when you are online.

If your virus software is up to date, run a scan looking for any virus/worm/trojan signatures. Norton antivirus will do that. If your virus software is not up to date (updated no more than within the last week), run a virus update from them online. Then run a scan. Hopefully it will find the worm or trojan and remove it, or block it. Also you should be using a firewall if you use the internet regularly. Hotmail lets you refuse to accept emails except from adresses you know and are sure of.

Beware of logging in to hotmail.especially if the first time you think your password is correct but a error message comes up saying your password is wrong. There are programs out there that hackers use that LOOK LIKE a real log in site. When you first attempt to log on the hacker trojan stores your password on your computer. It then sends a error message telling you to retype your user name/password. The second time you log on, it sends your password to hotmail (or another similiar email site). So you get logged in the second time. You may just think you made a mistake in typing it the first time. Later the hacker can access your computer through the backdoor, and get your password. That's why, if you get rejected the first time, and then log in, it is a good idea to change your password immeadiately when you finally do log in. That way, if the hacker does get your old password, it will be already out of date.

I know it is a pain in the a## to change passwords often, but you need to be careful. If all that happened was that someone sent a phony email supposedly from you trying to sell some electronic equipment, you were lucky. They could have got access to your bank accounts...and that could have cost you a lot of money.

Edited January 17, 2009 by IMA_FARANG

[ClaytonSeymour]

Thanks for the replies.

Logging in to hotmail with a 'incorrect password' rings a bell - it happened a couple of days ago. The problem does appear exclusive to this account as it hasn't (yet) affected either my other hotmail account or, the Wife's hotmail account, but they have received my recommendation to visit sovcy.com.

It would appear that the message has been sent to all my contacts & not just hotmail accounts. The returned messages were from old contacts who are no longer using those email addresses, along with a couple of automated messages from companies who I applied for work with years ago, advising that they weren't recruiting at the moment.

I'll certainly run virus scans when I get home. Both PC's are firewalled & so is my wireless connection. I'm running Norton Internet Security on my desktop & McAfee Internet Security on the laptop - both are up to date.

Edited January 17, 2009 by ClaytonSeymour

[theoldgit]

Somebody hacked into my Hotmail account and sent spoof malicious emails to all my contacts, and managed to delete all of my stored emails, they then changed my password. Microsoft allowed me access again and restored all the missing files, only for them to be deleted again. They then restored them again, and I have put them somewhere safe, I now change the password every few days.

My Gmail account was also hacked into with malicious emails being sent to all my contacts, as well as the contacts of my contacts, amounting to almost 300 around the world. The settings of the account were changed to copy all my emails to a third party.

This person also got into my Thai-visa account, changed the password and the linked email address to their own, again a number of posts were sent in my name. I was able to get back in with the help of a moderator, I asked for my account to be closed, which it was though it was, I was a bit miffed at the "banned" label.

I know who is behind it, though proving it is another matter. Microsoft have been great, though Google not so, I have reported the matter to the police though I am not sure how seriously they will take it.

For the life of me I don't know how it was done, perhaps I was a bit lax with my passwords. Perhaps I should have spoken to you "Oxford Will" with your background you would have given me the answers.

The purpose of this posting is to warn others of how easy it seems to be to become the victim of a cyber assault.

[ClaytonSeymour]

I have just logged onto the wife's hotmail account to review the message I sent her. It was sent from the following IP address:

115.49.66.140 which belongs to the CNC Group, Henan province network.

According to WhatIsMyIPaddress.com, this IP address is blacklisted by uceprotect.net.

[OxfordWill]

ima-farang what you describe is not the usual MO for spammers.

clayton that doesnt make sense as emails from hotmail addresses come from hotmail servers not the ips of the people who may be writing them.

[ClaytonSeymour]

ima-farang what you describe is not the usual MO for spammers.

clayton that doesnt make sense as emails from hotmail addresses come from hotmail servers not the ips of the people who may be writing them.

I've just tried this out by sending hotmails to myself, my wife & a colleague from work & hotmail, in all cases, when viewing the the message source the IP address correctly identified our locations along with our service providers names. So, it would appear that hotmail does indeed show the IP address of the person who forwarded the original email to the hotmail servers. This would confirm that someone who uses the CNC, Henan province network has been accessing my hotmail account. Hopefully, that's all they've been accessing.

I've now sent the message to msn, so I'll post any feedback I receive.

In the meantime, I've run full system scans on both the desktop & notebook - nothing.

[OxfordWill]

so youre actually talking about emails relayed through hotmail not sent from having logged into your hotmail acct in a web browser.. what type of relaying do you have set up?

[ClaytonSeymour]

so youre actually talking about emails relayed through hotmail not sent from having logged into your hotmail acct in a web browser.. what type of relaying do you have set up?

No, I'm talking about logging into hotmail in IE 7 and sending emails. On viewing the message source it correctly shows the originating message has having originated from my PC (ISP Virgin Media) & my colleagues PC (BT).

[onethailand]

Do you use MSN Messenger? If so, you probably got infected through there.

Ever get strange messages from your contacts, like those inviting you to join some cool networking site that you've never heard of?

Click on one of those and the web page will load some malicious script.

The best way to solve this is to:

1. Run an up-to-date virus checker

2. Change your Hotmail/MSN/Windows Live password.

[basjke]

Do you use MSN Messenger? If so, you probably got infected through there.

Ever get strange messages from your contacts, like those inviting you to join some cool networking site that you've never heard of?

Click on one of those and the web page will load some malicious script.

The best way to solve this is to:

1. Run an up-to-date virus checker

2. Change your Hotmail/MSN/Windows Live password.

I recieved a while ago some similar messages from friends with a hotmail account which they didn't know about.One of them hadn't even logged in at his hotmail for ages.I did a search on google and it showed me that it is a virus or trojan that goes through your messenger contacts.Do a google and you will find out.

[ClaytonSeymour]

Do you use MSN Messenger? If so, you probably got infected through there.

Ever get strange messages from your contacts, like those inviting you to join some cool networking site that you've never heard of?

Click on one of those and the web page will load some malicious script.

The best way to solve this is to:

1. Run an up-to-date virus checker

2. Change your Hotmail/MSN/Windows Live password.

I haven't used messenger, other than as an access point for my hotmail for at least three months, I don't even have it on the laptop. As I said earlier, initially I suspected it was from an internet shop, or wi-fi, however, the point IMA_FARANG made about logging on to a lookalike hotmail site seems plausible - I did attempt to log onto hotmail three days ago & my first attempt showed an incorrect password - lazily, on that occasion, I'd also googled hotmail to get to the log on page.

I've run up todate scans on both the desktop & laptop. I changed the password yesterday evening as soon as I realised what had happened. No more messages have been sent since & there still doesn't appear to be anything amiss with either the Wife's, or my other, hotmail account.

[basjke]

Take a look at the following link and you will see how it is possible to send spam from your hotmail account without your knowledge.

http://cotojo.wordpress.com/2007/12/07/blo...-more-bad-news/