Hotmail Accounts Getting 'Hijacked,' Microsoft Says

Microsoft has pointed to e-mail account "hijacking" as a growing problem, especially among Windows Live Hotmail users.

In a blog post on Monday, the company warned that some Windows Live Hotmail users have noticed that their accounts have been "hijacked" by spammers. Users can log into hijacked accounts, but they unwillingly share them with a hacker.

According to Microsoft, a hijacked user account would allow a hacker to send e-mails to the user's contacts, which could result in both the user and those contacts unwittingly downloading worms onto a workstation. From there, such malware can spread to the network. 

Windows Live Hotmail, the e-mail service that powers Office Live Small Business, and other services such as Google's Gmail and Yahoo Mail, may be vectors for such attacks.

Security experts say this vector is among the most common client-side entry points for malware. Users are more likely to open and act upon an e-mail out of curiosity and then click on a link. They're also more likely to open an e-mail from someone they know.

The value of stolen or hijacked e-mail accounts has always been huge, according to Paul Henry, security and forensic analyst at Lumension.

"Initially, all you needed was to brute-force the user's password," he said. "Now, when you factor in the automation and organization of today's cyber criminals, seeing mass hijacking of e-mail accounts is simply a regular occurrence."

Randy Abrams, director of technical education at ESET, suggested that users of Microsoft's online services need better security information.

"Where Windows Live was correct in advising to obtain the most recent virus definitions, a nontechnical person at Office Live translated that to 'stay up-to-date on the latest computer viruses going around'," he said. "[But] staying up-to-date on the latest computer viruses doesn't really help. You need to understand the concepts to avoid them. There are too many new threats to keep up with them all."

Symantec's "State of Spam Report," released earlier this month, found that spam accounted for 89 percent of all e-mail messages in July. The spam rate for August was even more dire, according to a recent MX Logic report, which found that up to 94.9 percent of all e-mail messages were spam.

Spam that delivers images and links continues to have an impact, accounting for 17 percent of all spam in July, according to Symantec's report. A new version of "419 spam" has appeared in which "spammers tried to exploit VoIP services," according to Symantec. The company describes 419 spam as a message that alerts users about money they supposedly either inherited or won.

Adam O'Donnell, director of emerging technology at Cloudmark, said spam is growing rapidly and is increasingly targeting free e-mail sites. O'Donnell said password integrity at the user level and strong access control policies at the enterprise level can reduce risks.

"Hijacking [free accounts] is a common occurrence, and it is becoming more frequent as other vectors for sending spam are reduced," he said. "Users need to use strong and unique passwords on every Web account to help stop these kinds of attacks."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.
