So everyone in my hotmail address list just received a blank email from me entitled “Hi”, and contents of “—”. What happened ? What should I do ?
Did someone guess my password ? Do I have a keylogger installed somewhere ? Or was the hotmail server hacked ? What is the point of sending that mail ? Other than changing my password, what can I do to prevent this happening again ?
Have you ever used a feature of a Web site, such as Facebook, where it asks for your email username and password “so we can find all of your friends”?
That’s a really good way for spammers to get access to your entire address book.
And, to clarify, you are talking about all of the contacts you have saved under your Hotmail account, right? Not some mailing list with all @hotmail.com addresses on it, or a list of addresses stored in Outlook from which you send using your @hotmail.com address?
I generally avoid these like the plague.
They are all my actual hotmail address book entries (I didn’t receive the mail, but everyone else did) and there is no message in my sent items folder.
Does hotmail provide a nifty “recent activity” link like gmail does where you can see the times, IP addresses, and type of activity (browser, POP3, IMAP, etc) of any recent logins to your account? Someone I know recently had something similar happen with her gmail account – I pointed her to this “recent activity details” link at the bottom of the page and there was a strange IP address in there, which I was able to trace to China. Apparently someone got into her account in a browser session to send this to everyone in her address book. Whether this was from guessing her password, hacking/extracting it from a Google server somewhere, who knows. I told her to change her password immediately and keep an eye on the “recent activity” for any funny stuff…she hasn’t had any more problems.
I just received a sex spam email from myself. This irritates me. I copied the header and sent it to my email provider. They sent me a link to Symantec, which scans for threats. It said my computer (a Mac) is safe.
This is more worrying than that, as they have clearly accessed MY address book (not found my email in someone else’s or just guessed it).
Here is the header of one of the received messages as shown by Thunderbird (there is no “recent activity” link in hotmail, but there was nothing in my sent items), The ??? were added by me:
X-Account-Key:
account2
X-UIDL:
AFm9ktkAABsoS6kIQAj1ACssamk
X-Mozilla-Status:
0001
X-Mozilla-Status2:
00000000
X-Apparently-To:
??? via 217.146.189.89; Tue, 23 Mar 2010 11:28:16 -0700
X-YMailISG:
vhA8DXIWLDtR0azPLYk0IAnd5SRML7NF3Uc3SRATuRq82YpJZKYG4wYZdZqKwFsBXzDOB8avmljJJ4IM4nf2N_5au84IfExqz0._yn62esIFaZbmD4L1j0S2Y1RjKDfASsAllyqgTfk.h91kBeGyysIBne4rVIVaM7W90kO3qGcrKJaLVHexMgFf9SKPUslX2Okf7g0loCMbFxZlLhMeb4zDLAkcpicHU4Hig8b2MkrtNBbMAEmElEsuk4Df3WKiiHKgA76oWPbJFm.ZSwWtmyydncLQWBPuH5tmWTa4c8C1jP4nUK59Mcv2kN7QoivvFIlhwKuM7kDKknSk50c7w6PFMkJZLHpSgvCOlS9vCK4kyG.iyTKmUF_OFaUWaDjjfL3omxwmCD.IuSEcSrCZmojzV1OynXK.djYlMmXWGSG1lnF9vAseZlEASIlNjz34LXPpsuWEb7sbMR3q1HtNBUNVcrCZaVHKWAktxhMQGO_3FQejNuNiAsaP92nAtngLuRB920xlK1ttrOp0xzsPA.EEyz6Qxvdhw1sB6prII1L7yTleVjP6U8c_h9alb25BFLugWxmTv_J9mHw3CBv75VROkldFUM_EERIdVp1YoCs1.cF9uqUUIVZMLBFSDrNJl0LS.fzES9oXQ_YA6BLonsbh05O0xSjcojVm2uX1KaVI3sgLM4zEJjaekOylJm0Z.LB8TdtP.nf_XTTazBZS5dwmP7Glt7LzTZX0oNxL7CLnlaM1HO9x3Or4s.Y94LceBdyd1xUZUG9TQAIE07._Nmp7CHAZO3PsHBknq6n4ncxygX2e8e1OJnmUVJ6SYdWmKeJrv_UqYNdIMdAlcexxP_ltNCeCyS7lamYsH_pJ2rUtQNq1v2oLWHownB7nMlyTI6jLJjUKLBA25Slmvw8Kk8s0aKFgveg8U2HlR_uvDpkP5w–
X-Originating-IP:
[65.54.190.228]
Authentication-Results:
mta1062.mail.ukl.yahoo.com from=; domainkeys=neutral (no sig); from=hotmail.com; dkim=neutral (no sig)
Received:
from 127.0.0.1 (EHLO bay0-omc4-s26.bay0.hotmail.com) (65.54.190.228) by mta1062.mail.ukl.yahoo.com with SMTP; Tue, 23 Mar 2010 11:28:16 -0700
Received:
from BAY111-W27 ([65.54.190.199]) by bay0-omc4-s26.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 23 Mar 2010 11:28:15 -0700
Message-ID:
<BAY111-W27C607B8D8E1F1B78E78D885260@phx.gbl>
Content-Type:
multipart/alternative; boundary=“a15f8094-18e6-4d8e-bbfb-94e1588626b5”
X-Originating-IP:
[41.238.192.66]
Importance:
Normal
MIME-Version:
1.0
X-OriginalArrivalTime:
23 Mar 2010 18:28:15.0344 (UTC) FILETIME=[9A340700:01CACAB6]
I think it’s quite likely your account was somehow broken into. You need to change your password. I doubt they sniffed every email you’ve ever sent and figured out your address book.
It seems odd that they would waste a message just to say Hi. My guess is that it originally contained a spam link/virus of some kind, and this was filtered out.
I think it is unlikely you have malware on your system, not because it’s a Mac, but because webmail doesn’t work that way.
Oh, just saw the IP address you listed as the origin. I assume that isn’t your IP, as you wouldn’t have listed it. If it’s not one you’d likely of used, that’s likely the same situation that troub mentioned.
The IP traces from Cairo, Egypt, according to a Google search. Sounds fishy. Again, you probably want to change your password. I don’t know if there’s a way to report the IP or not.
Getting a message from yourself is no big deal, as quite a lot of SPAM spoofs the To header. Why they think spoofing to be exactly the same as the From header, I have no idea. Gmail at least always puts these in Spam.
I have been receiving a large number of these blank emails for a couple of weeks, but just lately they have stopped.
I assume that some sort of security hole has been patched.