Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spammers Exploiting Hotmail Vulnerability

Posted by timothy on from the special-circumstances dept.

chip rosenthal writes "Notice more Hotmail spam in your inbox recently? There is a good reason for that. In March, spammers discovered a new vulnerability in the Hotmail service that allows them to script their spam sending. So far I've seen a 2200% increase in Hotmail spam as a result. We're now at three months and counting, and the problem only seems to be getting worse."

4 of 310 comments (clear)

  1. Hotmail use by Mozz_y · · Score: 5, Insightful

    The best use for hotmail always has been: Use the account only for entering onto forms that require a live email address that info will be sent to immediately in response to the form being filled out. Then beyond that, don't even bother checking, just periodically empty the inbox all at once.

  2. What kind of crack is that guy smoking? by Anonymous Coward · · Score: 5, Insightful

    You've been able to send email through OE and Outlook for years without utilizing the hotmail web interface. Outlook could easily be automated through COM to be a bulk mailer.

    How is this any different than signing up for a standard throw away ISP account with imap or pop/smtp servers and using a bulk mailer in conjunction with it?

  3. Re:DAV as an integration method for outlook? by BWJones · · Score: 5, Insightful

    and that the vulnerability was created to allow greater integration for Outlook users.

    So, Outlook is this huge pipe for virii, worms and spam leading me to wonder.....why is anyone still using Outlook?

    I am not trolling here, this is a serious question based on example after example of companies that want to standardize on Outlook. For instance, my wife's company (a large multi-national conglomerate which will go un-named) decided last year that they wanted to standardize on Outlook. Their support costs have supposedly skyrocketed and yet there is no discussion of using something else. What is happening here?

    --
    Visit Jonesblog and say hello.
  4. Re:No Biggie by waynemcdougall · · Score: 5, Insightful
    Like most people I suspect your grasp of "really obscure" is about as good as Microsoft's grasp of security through not documenting anything.

    On March 6 I created a Hotmail account with a choice of name designed to be "really obscure". I have not had one single piece of spam arrive in that account. In 3 months, no spam. I've only used this account to test whether spammers use email addresses harvested from 551 User not local; please try really-obscure@hotmail.com SMTP responses (conclusion - no they don't)

    Having see dictionary attacks on my own domain (and seen the bounces from dictionary attacks when spammers fake my source email address), I can conclude that geeks choice of obscure doesn't range far off science fiction character names.

    As for this Hotmail exploit, I had been wondering why these spams were getting through my DNSBL lists - about the only spam that was.

    Time to add hotmail.com to the baclklist until Microsoft fix this.

    --
    Recycle PCs and build a wireless community network www.hillsborough.org.nz