Hackers Intercept, Infect Hotmail Emails

Dennis Faas's picture

A security firm reports that hackers have intercepted email messages from Hotmail user accounts after manipulating a bug found deeply rooted within Microsoft's website.

While security officials admitted that victims needed to be logged into Hotmail for the attack to work, the virus was also found to affect those that had previewed the message for a short period of time before logging out.

Attack Source: Cross-Site Scripting Flaw (XSS)

The source of the attack was revealed to be a common web programming error called a cross-site scripting flaw.

As security firm Trend Micro explained in a recent blog post, "The script triggers a request that is sent to the Hotmail server. It then sends all of the affected user email messages to a certain email address." (Source: computerworld.com)

While cross-site scripting flaws are nothing new, their presence in popular online destinations (like Windows Live Hotmail) is a rarity.

Facebook Alert Raises Red Flags

Issues first arose over two weeks ago when Trend Micro discovered a message sent to a victim in Taiwan that looked like a legitimate Facebook notification alert. But the email seemed to send out an unfamiliar warning, informing its victim that someone had accessed their Facebook account from a remote location.

Observing the source of the virus post-infection, Trend Micro found that within the email was a specially written script that forwarded the victim's messages to the hacker. (Source: idg.no)

Ploy: Clever and Questionable

While devising the bogus email with a Facebook issue as a tagline was likely enough to entice more than a few curious individuals to open the malicious message, the topic did ultimately raise a few red flags with security companies like Trend Micro, leading to them eventually uncover the scheme.

Trend Micro has since reported that all issues concerning cross-site scripting in Hotmail have been fixed, though between 1,000 and 2,000 victims are estimated to have been affected as a result of the attacks.

Rate this article: 
No votes yet