{"id":3117,"date":"2011-05-24T10:56:53","date_gmt":"2011-05-24T09:56:53","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3117"},"modified":"2015-09-09T19:37:13","modified_gmt":"2015-09-09T11:37:13","slug":"hotmail-exploit-has-been-silently-stealing-e-mail","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2011\/05\/hotmail-exploit-has-been-silently-stealing-e-mail\/","title":{"rendered":"Hotmail Exploit Has Been Silently Stealing E-mail"},"content":{"rendered":"

We haven’t reported a whole lot about Hotmail<\/a> over the years, probably because since Gmail<\/a> took over – Hotmail has mostly taken a backseat.<\/p>\n

The most recent report we had was about SSL and how Hotmail Always-On Encryption Breaks Microsoft\u2019s Own Apps<\/a>.<\/p>\n

The latest news is there has been a nasty bug in Hotmail for a while that has been actively exploited allowing malicious senders to snoop on e-mail and even add forwarding rules to the victim account.<\/p>\n

Microsoft has patched a bug in its Hotmail email service that attackers were exploiting to silently steal confidential correspondences and user contacts from unsuspecting victims.<\/p>\n

The vulnerability was actively being exploited using emails that contained malicious scripts, Trend Micro researcher Karl Dominguez said Monday. Successful attacks required only that a Hotmail user open the malicious email or view it in a preview window. The commands embedded in the emails uploaded users’ correspondences and user contacts to servers under the control of attackers without requiring the victim to click on links or otherwise take any action.<\/p>\n

The scripts also also had the capability of enabling email forwarding on the targeted Hotmail account, allowing attackers to view emails sent to the victim in the future.<\/p>\n

Trend Micro researchers learned of the in-the-wild attacks after a colleague in Taiwan received one of the booby-trapped emails. The email purported to be a security warning concerning the victim’s Facebook account.<\/p><\/blockquote>\n

This attack has been going on in the wild for at least 2-3 weeks – that’s the confirmed time frame anyway. It may have been going on for much longer than that, no one really knows.<\/p>\n

Microsoft<\/a> isn’t telling us anything, nothing at all? I’d personally like to know how many users\/accounts were effected? Have they notified these users? What exactly are they doing to mitigate the loss of personal data and so on.<\/p>\n

I wonder if this will get legal like the whole Sony<\/a> case that’s blowing up right now, I’d guess not as Hotmail users tend to a less Internet savvy kind of crowd. I mean seriously how many of you guys\/gals use Hotmail as your primary account? I’d guess probably none.<\/p>\n

Most of you probably have a Hotmail account but use it as a secondary\/tertiary account for signing up to forums etc and spam.<\/p>\n