Microsoft Hotmail Taken Over By Spammers

Posted by Pile (16111 views)


[Spam]
At first I thought this was an anomaly, but after weeks of this activity happening over and over, it cannot be ignored: Microsoft's Hotmail servers seem to have been taken over by spammers and are now pumping out large quantities of spam.

Here's a typical e-mail:
Return-Path: autohybridization.wu_@hotmail.com
Received: from bay0-omc2-s9.bay0.hotmail.com (bay0-omc2-s9.bay0.hotmail.com [65.54.246.145])
by xxxxxxxxx (8.13.6/8.13.6) with ESMTP id l9UGFjvL031188
for ; Tue, 30 Oct 2007 10:15:45 -0600 (CST)
Received: from BLU121-W42 ([10.6.24.77]) by bay0-omc2-s9.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Tue, 30 Oct 2007 09:19:27 -0700
Message-ID:
X-Originating-IP: [85.66.87.129]
From: disroof Mccauley
Sender:
To:
Subject: Young Tanneyd SHEMACLE Strips & Shrows Cockk In Bedroojm
Date: Tue, 30 Oct 2007 16:19:26 +0000
Importance: Normal
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
X-OriginalArrivalTime: 30 Oct 2007 16:19:27.0676 (UTC) FILETIME=[A4B437C0:01C81B10]
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by zzzzzzzz id l9UGFjvL034448


Clasisy LADDYBOXY Perfcect Bblowzjob For Anfal Pleeasujre
Wild Kfinky LASDYBDOY Big Tsits Jezrkiqng Cocjkk

les incqludce, somjewhat cgirculdarly, any fiule thwat can

http://www.bodrzzzzzzs.com/69/


An examination of the IP address the spam came from reveals:
145.246.54.65.in-addr.arpa name = bay0-omc2-s9.bay0.hotmail.com.

Owned and controlled by Microsoft:
OrgName: Microsoft Corp
OrgID: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
NetRange: 65.52.0.0 - 65.55.255.255

Every day, I'm now receiving lots of junk spam originating from Microsoft/Hotmail's SMTP relay. Microsoft has consistently ignored reports of the spam and appears to be doing nothing about it. We get zero spam from other services like Gmail or Yahoo mail. It seems like the spammers have figured out how to take control of Hotmail's servers.

What's even more interesting is that the originating server is identified as 10.6.24.77. That's an internal IP address, which is likely an internal server on Microsoft's network. Maybe the spammers have hijacked the web interface? In any case, they've been doing this for months now and the spamming continues.

This is particularly problematic because the most effective way of stopping spam these days is by blacklisting the sending relay and refusing to accept all mail from it. Most mail relays are zombied PCs which shouldn't be sending mail in the first place, but in this case, the mail appears to be coming from a legitimate series of servers (right now mainly limited to the IP range of 65.54.246.x, which is owned by Microsoft and appears to be part of their Hotmail servers).

The originating client IP is marked as being from a broadband host in Hungary. Is someone typing in these e-mails manually into Hotmail? I do not think so. I'm sure I'm not the only person getting these e-mails and I get at least several a day to my one account and I'm sure my server gets hundreds a day. Someone has been manipulating Hotmail to send out spam and it's been going on for a while, and I've reported this through Spamcop and other services over and over, with no results.

This presents a problem for people using Hotmail. You may find your legitimate mail being blocked because Microsoft's Hotmail servers have been blacklisted due to their inability to keep their own systems from being taken over by spammers.
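
Added example (not part of the original post): a short Python sketch of the header reading done above. It takes the connecting relay from the topmost Received line, checks it against the NetRange in the whois output, and keeps X-Originating-IP apart as a value the recipient cannot verify. The function name analyze and the rule that only the topmost Received line is trusted (it is assumed to be the one written by the recipient's own mail server) are assumptions of this example.

```python
import ipaddress
import re
from email import message_from_string

# Routing headers copied from the sample message above (hostnames already masked).
SAMPLE = """\
Received: from bay0-omc2-s9.bay0.hotmail.com (bay0-omc2-s9.bay0.hotmail.com [65.54.246.145])
 by xxxxxxxxx (8.13.6/8.13.6) with ESMTP id l9UGFjvL031188
 for ; Tue, 30 Oct 2007 10:15:45 -0600 (CST)
Received: from BLU121-W42 ([10.6.24.77]) by bay0-omc2-s9.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
 Tue, 30 Oct 2007 09:19:27 -0700
X-Originating-IP: [85.66.87.129]

"""

# NetRange from the whois output above, converted to CIDR blocks.
MS_RANGE = list(ipaddress.summarize_address_range(
    ipaddress.ip_address("65.52.0.0"), ipaddress.ip_address("65.55.255.255")))
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def analyze(raw):
    """Split the routing headers into what the recipient saw and what it was told."""
    msg = message_from_string(raw)
    hops = []
    for i, value in enumerate(msg.get_all("Received", [])):
        m = BRACKETED_IP.search(value)
        ip = ipaddress.ip_address(m.group(1)) if m else None
        hops.append({
            "ip": ip,
            # Assumption: hop 0 was stamped by our own MTA from the live TCP
            # peer; every lower hop is text supplied by the previous server.
            "trusted": i == 0,
            "private": ip is not None and ip.is_private,
        })
    relay = hops[0]["ip"] if hops else None
    claimed = BRACKETED_IP.search(msg.get("X-Originating-IP", ""))
    return {
        "relay_ip": relay,
        "relay_in_ms_range": relay is not None and any(relay in n for n in MS_RANGE),
        "ptr_query": relay.reverse_pointer if relay else None,  # name to look up in DNS
        "hops": hops,
        "claimed_client_ip": claimed.group(1) if claimed else None,  # not verifiable here
    }

if __name__ == "__main__":
    for key, val in analyze(SAMPLE).items():
        print(key, "=", val)
```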


 

Posted by T_C_ on 2007-10-30 11:15:50
Duh, the originator IP address has been forged.
Posted by Pile on 2007-10-30 13:15:47
Where's your evidence for this? Do you even know how TCP/IP traffic works relative to Simple Mail Transport Protocol?

Anyway, the X-Originating-IP: header is not relevant. That could be forged, but not the SMTP relay (the system) from which the spam came. That is Microsoft.
Posted by Jayson on 2007-10-30 14:41:03
I'm thinking it's a virus on your PC and it's inserting the email directly to the inbox and making it seem like it was delivered normally.
Posted by Glis on 2007-10-30 15:07:41
I think it would be kind of silly to forge a hotmail account in spam, why not just forge spammer@spam.com or deleteme@phishing.net? If you're taking the time to forge the header at least make it from chase.com or nsa.gov...

I'd agree that it's more likely a virus or compromised server outside of MS.
Hotmail?
Posted by ludditte on 2007-10-30 15:52:40
No insult intended, but why use any Micro$oft service when you can get better for free? You mention Gmail and Yahoo! I get no spam at all in my Gmail accounts and rarely in my Yahoo! ones
ludditte:
Posted by wizeGurl on 2007-10-30 16:13:49
I'm no tech wiz, but even I understood that Hotmail was the source of the spam e-mails, not the location of the inbox they landed in.
Posted by Anonymous on 2007-10-30 17:39:23
People still use Hotmail?
Posted by mark on 2007-10-30 18:11:33
I check the spams that get through to my gmail. About half of them are from yahoo accounts and maybe 5% are from hotmail accounts. When I report them to Yahoo, I almost always get a response that they have been taken down. Never any response from hotmail.
Posted by Anonymous on 2007-10-30 22:41:41
Don't believe everything you read. The Email system has no checks or balances. You can make it look like it's coming from or going to anywhere on the planet.
Duh
Posted by T_C_ on 2007-10-31 10:44:19
@Pile: A server at IP 11.22.33.44 could create & send SMTP traffic (ie. emails), but use raw sockets to forge the originator IP address in the packets. Eg. it could forge-in IP address 55.66.77.88. So the packets SEEM to come from 55.66.77.88, and the actual originating IP address is nowhere to be seen at all. Get it?
Posted by T_C_ on 2007-10-31 10:46:15
When I say "in the packets", I mean "in the TCP/IP packets comprising the SMTP transaction".
Posted by Pile on 2007-10-31 13:47:28
It's obvious most of you don't know what you're talking about.

The bottom line is that spam IS COMING FROM HOTMAIL'S SERVERS. This is automated, spam in large quantities. Microsoft must not be able to stop spammers from taking over Hotmail accounts and sending spam to the rest of the world.
Duh squared
Posted by T_C_ on 2007-11-03 07:10:15
Sorry, but you really do not have a clue. The chance of hotmail's servers being open relays, is zero. I suggest that you educate yourself on the technical issues, before you make a further fool of yourself. Goodbye!
Posted by Pile on 2007-11-03 10:12:15
Who said hotmail's servers were open relays?

Again, you don't know what you're talking about. What do you think this is? 1997? Nobody runs open relays any more.
His Benevolent Majestic Wonderfulness
Posted by Obbop on 2007-11-06 13:07:00
Spam?

You mean those e-mails offering me large sums of money and ways to increase the length and girth of my woody?

Well, call it spam if you want but with a couple hundred million bucks in the bank and a 13-inch-long dong I am quite happy, all things considered.
Hotmail hijacked
Posted by DJ on 2008-05-22 18:21:25
I have an old hotmail account that I have not used for a long time and suddenly everyone that was in that address book is being spammed from that email address. When I went into the hotmail account all the contacts have been removed. The address book is empty. How can I have the email address shut down?
Posted by Pile on 2008-05-22 19:04:54
See if you can change the password.
Wow there were some ignorant mf-ers on this board
Posted by phread on 2009-02-10 14:52:07
These were in fact coming from hotmail. Why would a spammer take time to forge millions of packets just for a stupid porn spam campaign? Hotmail is free, they sign up for thousands of fake accounts and blast this crap out. Drop your moronic conspiracy theories, and look at the obvious.
xoxo
Posted by Pile on 2009-02-10 15:02:14
I know they're coming from Hotmail, and this has been going on now for years, and Microsoft hasn't been able to stop it. Google doesn't have this problem. Yahoo has it under control. Microsoft doesn't.
Wow there were some ignorant mf-ers on this board
Posted by johnnyBop on 2009-03-03 11:08:01
It's obvious most of you don't know what you're talking about.

The bottom line is that spam IS COMING FROM HOTMAIL'S SERVERS. This is automated, spam in large quantities. Microsoft must not be able to stop spammers from taking over Hotmail accounts and sending spam to the rest of the world.


ALL TRUE
Posted by Hotmailer hacked off on 2009-09-20 03:53:35
Like 'Hotmail Hijacked', I too have had an old hotmail account that was still active send me, and all names in the hotmail account address book, a similar spam mailing (only one x 10 copies so far) to the one shown.

While it might just be possible that someone has harvested the email address and then gone to the 'trouble' of guessing/hacking my hotmail password with the sole intent of 'fooling' my address book contacts into thinking the spam was from me, so making it slightly more likely to be read than from a simple spam email account of their own (I received a copy of the letter sent by 'me' to another active non-hotmail account as I was also in my address book), it seems rather a strange practice and seems also to be being repeated - so is this a mad spam hacker or is there something more serious at work here??
MR
Posted by Wondimu Mekonnen on 2011-11-18 13:20:35
My hotmail e-mail has been taken over by a spammer. I am instructed to reset my password to regain it. I reset it. The spammer follows exactly the same route and puts in a request to change the password. Hotmail lets him do so too. He changes the password, profile, including his picture. Now, here is what hotmail tells us. Their customer service wants you to call them at a premium rate of £1.53 per minute, so that they would help you to get rid of the spammer. That is terrible. Probably, we all should migrate from hotmail and leave it to their cherished spammers. By the way, I have been using hotmail since 1996. This is the first time I am being frustrated by them.
 


Pursuant to Section 230 of Title 47 of the United States Code (47 USC § 230), BSAlert is a user-contributed editorial web site and does not endorse any specific content, but merely acts as a "sounding board" for the online community. Any and all quoted material is referenced pursuant to "Fair Use" (17 U.S.C. § 107). Like any information resource, use your own judgement and seek out the facts and research and make informed choices.
