I tried to help someone whose computer had been infected by the Nimda worm. After the computer was disinfected, and before my friend even used that computer again, she complained that all her contacts (in her Hotmail Contacts list) suddenly started getting virus attachment emails which appear to be sent from her Hotmail account -- even though she wasn't using the previously infected computer -- and wasn't sending them anything. She is sure the other computers she is using are well-protected and "clean". I had advised her to close the Hotmail account -- but, nevertheless, it's hard to believe the Hotmail servers are this vulnerable -- and if they are, how can she be sure she won't have this problem with another Hotmail account? There are additional issues -- but first, I want to be sure this is really the root of the problem at this point: an infected account on the Hotmail server.
Hotmail definitely has its problems, but this probably isn't one of them.
While someone's got a virus, it's not Hotmail. And it's probably not you.
But it might be someone you know.
First, realize that Hotmail isn't running mail software like you and I run. Hotmail, and other mail services, run custom software that is tuned for being mail servers - for collecting and delivering mail on behalf of customers. The "address book" that you see on screen is most likely stored on the Hotmail servers in a custom and undocumented format that would be near impossible to reverse engineer without direct access to the Hotmail datacenter. None of the current sets of viruses would have a clue as to what to do with it.
That brings up another argument against Hotmail being hacked: for many, many reasons, I'm sure that Microsoft and Microsoft related servers are some of the biggest targets for hackers on the planet. You can bet that these are some of the best secured Windows servers in existence. From industrial strength firewalls to totally secured and locked down datacenters in undisclosed locations, Microsoft servers are well guarded.
Finally, if there were any kind of a security breach or problem, you know that Microsoft would be all over it as fast as is humanly possible - taking the service down if necessary to protect its customers.
So, no, I don't believe Hotmail has been hacked, or has any kind of infection.
So where's the mail coming from?
It's much more likely, and in fact very common, that another PC belonging to a regular computer user has been infected with a virus. In fact, I've seen some incredibly high estimates of the numbers of infected machines that are sending out spam and viruses. One of the things that these spam-sending zombies do is fake the "From:" line on the email that they send. It looks like it came from your Hotmail account, but in fact it came from somewhere else entirely. A quick look at the details of the mail header usually confirms this.
I've discussed this at length in an earlier article "Someone's sending from my email address! How do I stop them?!".
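What such a header check looks like, as an added example (not code from the original article): it reads the topmost Received line, the one written by the recipient's own mail server, and compares the host that actually delivered the message with the domain in the "From:" line. The sample headers are constructed, the function names are hypothetical, and the Received layout assumed is the common "from helo (rdns [ip])" form.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers: the message claims a Hotmail sender, but the
# recipient's server (mx.recipient.example) received it from an unrelated host.
SAMPLE = """\
Return-Path: <friend@hotmail.com>
Authentication-Results: mx.recipient.example;
\tspf=fail smtp.mailfrom=hotmail.com
Received: from mail.hotmail.com (dsl-pool.example.net [203.0.113.45])
\tby mx.recipient.example with ESMTP id ABC123;
\tMon, 13 Feb 2006 10:15:00 -0800
Received: from mail.hotmail.com by mail.hotmail.com;
\tMon, 13 Feb 2006 10:14:00 -0800
From: "A Friend" <friend@hotmail.com>
To: contact@recipient.example
Subject: Re: your document

(body omitted)
"""

def domain_of(header_value):
    """Domain part of an address header, lower-cased ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def origin_report(raw):
    msg = message_from_string(raw)
    claimed = domain_of(msg["From"])
    # Only the topmost Received line is written by the recipient's own server;
    # anything below it, and the HELO name after "from", is sender-supplied.
    top = " ".join((msg.get_all("Received") or [""])[0].split())
    m = re.search(r"from\s+\S+\s+\((\S+)\s+\[([^\]]+)\]\)", top)
    host, ip = (m.group(1).lower(), m.group(2)) if m else ("", "")
    auth = " ".join(msg.get("Authentication-Results", "").split())
    spf = re.search(r"\bspf=(\w+)", auth)
    return {
        "claimed_domain": claimed,
        "envelope_domain": domain_of(msg["Return-Path"]),
        "handed_over_by": host,   # reverse-DNS name recorded by our server
        "source_ip": ip,
        "spf": spf.group(1) if spf else "none",
        "host_matches_claim": bool(host) and (host == claimed or host.endswith("." + claimed)),
    }

if __name__ == "__main__":
    for key, value in origin_report(SAMPLE).items():
        print(f"{key}: {value}")
```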
The bottom line is that there's actually little to be done other than what you have already done: make sure that your machines are protected and scanned regularly for spyware and viruses, keep the scanners up to date, use a firewall, and use common sense with a liberal dose of skepticism.
Article C2554 - February 13, 2006
"Finally, if there were any kind of a security breach or problem, you know that Microsoft would be all over it as fast as is humanly possible - taking the service down if necessary to protect its customers.
So, no, I don't believe Hotmail has been hacked, or has any kind of infection"
I very much disagree with you. Hotmail finally admitted/confirmed that there was indeed a security breach and that someone had hacked into my account and was using my email address to send viruses to everyone in my contact list as well as any email addresses contained in messages in my inbox/folders. While my virus protection is updated, I have scanned my computer using the program suggested by MSN (nothing found), I have changed passwords and secret passwords on the account many times and have emptied out my entire hotmail account (contacts/messages). Despite this, messages are still going out several times a day to everyone (not just my contact list) - I know this because I am receiving the bounce backs from servers which have rejected the virus attachments as well as bounce backs from no longer valid addresses. I have been trying for three days to close the account entirely so that people at least will get a message saying the account is closed so people will know I have tried to take some action. Very serious breach - not just a random attack. I have since switched to gmail.
Posted by: KH at May 11, 2006 9:26 AM

Your account being hacked is NOT the same as the HotMail servers being hacked.
Posted by: Leo at May 11, 2006 6:56 PM

I do not know who is right, I do not want to argue with whom, I just want to get solution.
I have same problem as KH, even if I have not used
my Hotmail account for a couple of days.
It keeps sending some email to my contact list.
It is pretty bugging me.
Do you guys have some solution or suggestion?
Thanks
Posted by: Jeff at January 4, 2007 2:04 PM

I keep getting an error message which keeps me from opening up email. But only on hotmail. I do not think hotmail has been hacked, I just can not open my email in my email account.
Dan [phone numbers removed]
Posted by: Dan V A at March 11, 2007 1:12 PM

1,600 personal emails in my hotmail account somehow recently "appeared" in the account of a boyfriend. How could this possibly have happened? They had no physical access to the computer (it was another friend's computer that I was using when this happened). My mind is blown away! Is this hotmail's fault?
Posted by: pm at May 18, 2007 1:37 AM

I disagree also about hotmail servers possibly vulnerable to attack, only because I do not believe in coincidences. Just this a.m., I tried to access hotmail and my av program told me there was a virus but it had been stopped before getting to my pc. (My acct. was open, but none of the mail was open) A scan revealed nothing, thankfully. Yet later the same morning, when I tried to even open hotmail, the server was suddenly unavailable. In 4 yrs of using hotmail, I don't remember a server for them ever being down when I tried to access it. Not to say it hasn't happened, just not to me. Now all of a sudden, just after my protection tells me something's amiss, the server mysteriously goes down... I don't believe in coincidence.
Posted by: dlw at July 27, 2007 8:50 AM

I have had a hotmail account for years been using it signing on this account many times, but when I go to sign now everything is in error and I know it is the right username and password but I am not told it is invalid, why?
Posted by: Gloria at July 28, 2008 9:41 PM

I tried to log into my email last night and it said my password was incorrect. I log into my account every day, multiple times a day and I know my password. I have no way to get it reset because I never set up any security questions. I sent Microsoft an email on the help site and am waiting for a response. However, from reading these boards, it looks like there are other people that have had this same problem.
Posted by: Karen at October 8, 2008 11:18 AM

My hotmail account problem is not from those spamsters imitating my "from" email but something else that no one seems to have mentioned yet. An ad to buy computers has invaded my email and pops up in my "send" or "reply" modes. I can delete it but it comes back. I can't tell if it is tacked on to my emails but I suspect that. I downloaded the html code but this tells me little --just that the code has become imbedded somewhere. Microsoft hasn't acknowledged my complaint. I won't use hotmail to send emails anymore. I'll use another account.
Posted by: Jenny Wrenn at December 16, 2008 4:36 PM

Every time I pull up my email an icon appears telling me a virus is trying to get in the "back door". What do I do? I have full coverage with the AVG security system & it says no virus detected. Yet from time to time an email gets through with x-rated title (which I do not open, I delete it).
Posted by: Dorothy Lynch at March 2, 2009 9:55 AM