Hotmail virus

December 14, 2009 at 08:27:39
Specs: Windows Vista Home Premium SP2
Yesterday an email was sent from my Hotmail account to my entire address book without my knowledge. Can anyone help with this?

Here are the contents of the email:

Subject: hi a
Date: Sunday, December 13, 2009, 4:26 PM

2009 new electronic products preferential promotion
Dear friends:
Welcome to join our company member club , Everybody here can enjoy our products member price ,we have been received very high praise from our customers All customers can browse through our company's home page <> . Our products (notebook PC,digital camera,plasma and LCD TV,digital DV,Motorcycle,phones,Mp4,and so on) all have low price and high quality in order to attract more new customers to cooperate with us . Hope here is your shopping heaven!
email: tradeelectron at 188 dot com
If you are interested in our products. please visit our web site.

See More: Hotmail virus

Report •

December 14, 2009 at 08:54:52
This is not a virus but spam by the bad guys.

Welcome to the age of Internet where crooks and spammers are getting more smarter day by day. This is another case of the bad guys getting hold of - and abusing - your address book.

Refer this issue to Hotmail Abuse Team since they’re the ones that handle this type of concern. You can send them an e-mail at


Report •

December 14, 2009 at 09:54:13
Thanks! I will report it.

Report •

December 14, 2009 at 10:20:22
Below is some information from the Hotmail solutions center. They recommend scanning your computer for viruses, and then immediately changing your Hotmail password to a strong password.
I did the scan and found a virus, and now have a new password.

Recent reports of Account hijacks

This solution article provides information about the increase in reports that we have received about accounts been hijacked and spam mails been sent to customer's contact list without customer's knowledge.

Hotmail is seeing instances of accounts being "hijacked" by spammers who send emails out advertising an electronics website. The spam mails usually have subjects like "Good shopping good mood" and may go to your contact list in addition to a random list of emails. Indications that this is happening to you may include you being required to match the characters in the picture (to verify that you're a person and not an automated program) to send mails when you reach your limits.

Note that you will still be able to login, and are in fact, "sharing" your account with the spammer. Hotmail believes that this may be due to a virus on a computer that you have used to login to Hotmail at some point in the past.

If you login and see in your "sent items" folder mails that you haven't sent, or receive Non Delivery reports (NDRs) in your inbox, we recommend that you scan your computer for viruses and malware using a reliable Antivirus product (click here to go to Microsoft's anti-virus page). Once your computer has been cleaned, immediately change your current password to a "strong" password. Click here to know how to create a strong password.

The worm/virus sends various messages that entice users to click on a malicious link that leads to a Web site. Clicking on the said link downloads a copy of the worm onto message recipients' computers. Upon download, it then gathers e-mail addresses saved on the recipient's computer and sends itself out to all of those addresses.

There are a number of ways you can protect your computer against these viruses:

- Obtain the most recent virus definitions. You can visit your anti-virus company's website or call them to get more information.

- Be cautious about opening messages that contain links to websites.

- Be cautious when opening embedded links. Point your mouse cursor on the link and look at the underlying URL that displays in your browser status bar at the bottom and ensure that the URL makes sense for what the link states. Never login from one of these links. If a link directs you to login to a service that you use, instead go to that service by accessing the services website directly from your browser and not use the embedded link.

- Do not open attachments unless you are expecting them.

- Download the latest Microsoft updates frequently. , , ,

Report •

Related Solutions

December 14, 2009 at 17:14:46
Here's another solution from Hotmail that explains one way how spammers are able to hijack email accounts:

Creating a strong password for your e-mail account: why you should and how to do it
Tags: account, security, email, e-mail, strong password, account protection, tips and tricks, password

Every day you’re bombarded with requests to create free accounts, register with a web site, or sign up for more information. Through all of this, people often don't associate these requests back to the security of their personal accounts; such as banking, email, or business information. This is what scammers capitalize on, to gain access to your assets.

How do scammers gain access to your assets?

It used to be through various automated means and took shape into what's called a brute force attack. This is exactly as it sounds - automations, or "bots", send non-stop attempts against the target until a way in is finally found. This may take the form of a dictionary attack where the bot literally runs through common words found in a dictionary in an attempt to crack an account. More sophisticated attacks such as trying to send code to the site which would open back doors or trying to overflow the thinking parts of the site so that it’s security checks fail rounded out the more common scenarios.

Nowadays, laws and expectations around the protection of private information has forced institutions to dedicate much more time and resources to preventing brute-force attacks from succeeding. Since the payload for the scammer is now much harder to come by, they are moving on to the easier targets wandering from the herd. Sites that are less prominent, newsgroups, forums, and other social networking types of communication open a new horizon for the scammers. Here, they can point their highly sophisticated bots at sites that may not be so worried about intrusion protection. And why would a forum care if someone copied their member's passwords? All they could do is post as that user, right? Wrong.

Using the same password everywhere puts you at risk

Even with all the focus on consumer safety on the Internet, many people use the same password for all of their accounts. Scammers rely on the fact that most users of these sites aren't technically savvy enough to have separate passwords for "throw-away" accounts and their primary passwords list for their highest security accounts. Their bots find openings in the sites and gather these email addresses and passwords. Now, they have the key to the front door.

The first thing is they will see if that is your email account password. If it is, then a lot of trouble is to come. Now they can send mail, pretending to be you, to your contacts asking them to send you money because you’re stranded somewhere. They can read all of your personal mail, and find out your open accounts through electronic statements. From there, they circumvent all the protection of the institutions by entering the valid information of their customer. If one of those institutions is your bank account, you can imagine the consequences. There is also no way for these institutions to stop this type of attack; the scammer entered the right password!

How to protect yourself

So, how do you protect yourself from becoming a victim? Following a few simple guidelines, you can create a wall of security around yourself that will help add to the security of the institutions you deal with. Whenever you create a new online account, consider:

· What is the purpose of this account? Are you creating a new account for online bill pay with your bank or are you more interested in the latest celebrity gossip? The answer to this should be the determining factor for the next questions as well.

· How secure does this password need to be? Access to your financials and email account is a critical thing; therefore your passwords for these accounts should be un-guessable, even by a computer. If it is to post a response on a gamer forum, perhaps it doesn't need to be so complex.

· How do I remember the hard ones? This is the inevitable gotcha of a secure password. With all of those requirements, how does one remember? Through some creativity, you can break some of the above rules if you concentrate more on others. See below for some creative ways to do this.

· Use Throwaway passwords! This is something that can't be stressed enough. Don't use the same passwords for your virtual presence and casual accounts that you use for your most precious accounts.

· Protect ALL of the passwords from everyone. Yes, this really does mean protect it from your family and friends. These people are the ones that know your most intimate details. Friends can sometimes quickly turn to enemies. Developing a practice of maintaining confidentiality of your passwords is an important step in securing and protecting your online assets.

4 Easy tips to create a strong password

So, how do you actually create a good password that’s not easily guessable that you can also remember? Complexity is the key to security when choosing a password.

1. No reference to your life. Highly secure passwords have no reference to a person's life that could be readily found online or through friends.

2. Longer is better. They should always be at least 8 characters long

3. Combine characters. They should contain a combination of letters, numbers and special characters, like a question mark, period, @ or #.

4. Change them on a regular basis. You can setup your Windows Live ID password to expire every 72 days, and it will automatically remind you to enter a new password. You can go to and login to select these settings. You can read instructions on how to do this here.

Making the above tips work for you:

1. I want to use my pet's name – You can do that, but not exactly as the name is, because your pet's name is easily guessable and could be under 8 characters. A couple of examples can show you ways to do this:

a. A friend’s cat’s name is Bella. Bella loves tuna more than anything. A simple to remember password option could be: Bella#Tuna

b. A friend’s beloved horse’s name is Sand dollar. Combing letters and numbers results in a password option of: Sand D011ar (where the “o” is a zero and the “l”s are ones)

c. My dog’s name is Lady Dog. Using a more advanced option with something called Leetspeak (L33tspeak), a way of using special characters to form letters and words, I can create her name to be: |_aDy |)oG. (Notice in the word L33t that "3" replaces "E", which are close mirror images of each other.)

2. I want to use dates I can remember - You can do that too, again with some adjustments. One technique here is to concentrate on the password length. For example, a password that has 6 letter and number characters has 531,441 (9 to the 6th power) possible combinations. When you extend the length to 8 letter and number characters, the possible combinations jump to 36 to the 8th power; simply put, that's over a trillion different combinations.

a. I want to use my daughter's graduation date (May 15, 2008), my son's birthday (July 11, 1997), and my best friend’s birthday (August 2, 1980). Here's how this could look using different date formats and adding a space then comma for additional complexity: 20080515 07111997,19800802

b. If your wedding anniversary is May 25, 1990, and you use the “1, 4, 3” code for “I Love You”, your password options could be: 14305251990, or 143May251990 or May251990@143

So, today’s a great day to change YOUR password. Even better, change your password every time you change your clock for daylight savings. Even twice a year is better than none at all.

* Posted by Scott H
* Remove post from favoritesAdd post to favorites...
* Remove "Support Manager's Blog" category from favorites Add "Support Manager's Blog" category to favorites...

* Last Updated Apr 08 2009
* Last resolved a question on Dec 13 2009

Report •

Ask Question