Hotmail users face mass spamming : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

Hotmail users face mass spamming

By James Middleton [13-08-2001] Hotmail users were subjected to a mass spam attack this weekend, at the same time that it was revealed that a security glitch in the service allowed an attacker to hijack a user's Passport. readers have reported mass mailings from a single address which managed to sneak past Hotmail's automatic junk mail filter. One user reported receiving over 8000 copies of the same 'Microsoft products at knock down prices' email.

Another user managed to paste the sender's address into the filtering system, but not before he was bombarded by over 1200 mails. "By the time I accessed the blocking filters and pasted in the rogue address I found that I had 1200+ emails. All emails came from one address and Hotmail's junk filter did not stop it," he told

The discovery of a vulnerability in the Passport authentication system has also put user accounts at risk. Details of a cross scripting attack were published on security sites which would allow a malicious user to hijack the session cookie of another user, effectively stealing their identity.

A malicious JavaScript exploit embedded within an email as a URL can be used to trick the Passport system into passing the user's session cookie to a third party common gateway interface script on a remote server.

This attack is known as 'cross site scripting' and, although Microsoft has taken steps to filter out this type of attack, simply encoding the malicious script by replacing some letters with their hex equivalent will sneak the code through any filters. For example 68 is the hex value of h so the server would translate &x68;ttp:// into http://.

Once the attacker is in possession of the user's session cookie he can effectively masquerade as the true user and take control of all his accounts which use the Passport service.

A coder going by the name of Obscure, who wrote a white paper on the attack, said Microsoft has been informed of the situation. It is unclear whether the problem has yet been fixed.

-- Martin Thompson (, August 13, 2001


Does anyone know if this has been fixed as yet?

Is everyone with a hotmail account in jeopardy if they use their account?

Are persons who have hotmail accounts who simply stop using their accounts in jeopardy?


-- Paula Gordon (, August 14, 2001.

Checked around a bit on this and there is probably more info. Here is a tidbit.

Microsoft may have been victim of Code Red worm

Wednesday, August 8, 2001

(08-08) 17:44 PDT SEATTLE (AP) --

It appears Microsoft Corp. hasn't been practicing what it preaches.

The software giant on Wednesday confirmed that some of its MSN Hotmail servers were infected with a Code Red virus, the computer virus that exploits a vulnerability in Microsoft's own server systems.

The news follows Microsoft's extensive public education campaign aimed at getting users to download a simple patch that protects servers from the virus.

It wasn't immediately clear whether the infections discovered this week were caused by the first Code Red virus or a second, more virulent virus dubbed Code Red II.

Both viruses exploit a vulnerability in the company's Windows 2000 and Windows NT server software that was discovered earlier this year. Similar attacks have caused massive Internet slowdowns over the past two weeks.

Microsoft spokesman Jim Desler said servers had since been patched and that the company has been scanning its systems to make sure they were safe.

"We continue to take it very seriously," Desler said.

MSN Hotmail is a free Internet service that has about 110 million registered users, according to Microsoft.

Desler said no customer data, customer e-mails or personal information appeared to have been compromised in the attack. He also said the company had had no reports of slowdowns because of the attack. f=/news/archive/2001/08/08/financial2044EDT0375.DTL&type=tech_article

-- Martin Thompson (, August 14, 2001.

Thanks so much Martin!


-- Paula Gordon (, August 14, 2001.

Moderation questions? read the FAQ