

Help me snatch a hacker/spammer
December 31, 2007 4:24 PM

My hotmail acct has been hacked/cracked and is being used to spam people including a few MeFites. I'm pissed and concerned. Please hope me!

I've changed my password to something I think is pretty uncrackable but it's still happening.

Ultimately, I know, I should just use a g-mail acct. But in the meantime, what can I do to investigate, complain and secure the info that exists there in my acct?

It's also odd that at least one Mefite has been spammed who I've never had contact with via hotmail. So I believe that this might be MeFi related too.

p.s. Should I post a PSA to MeTa to let folks know that I'm not spamming them?
posted by snsranch to Computers & Internet (14 answers total) 5 users marked this as a favorite
 
I would check to see what is listed as the backup email address for password recovery. In this case, you may change your password a million times but the offender can retrieve it if they have their account listed as the backup.
posted by timmins at 4:27 PM on December 31, 2007


Are you certain that the email is coming from Hotmail and not from someone spoofing the headers? Can you ask someone who's received the spam to take a look?
posted by sanko at 4:30 PM on December 31, 2007 [1 favorite]


Yeah, sounds like you're being Joe Jobbed. Is the spam showing up in your sent items folder?
posted by krisjohn at 4:34 PM on December 31, 2007 [1 favorite]


It's unlikely to be really coming from your hotmail account. It's called spoofing, and it's really common. I did enterprise email support for many years, and here's a little primer that I've shared with the users over the years who've called me about this very issue.

SMTP, or Simple Message Transfer Protocol, is the protocol used to transmit email between servers on the Internet. Unfortunately, the designers of the SMTP protocol did not anticipate the commercialization of the Internet, and they designed SMTP to be accessible, rather than secure. One of the consequences of this is the fact that SMTP is unauthenticated, meaning that anyone can send email "as" anyone else, and it is trivial for someone to falsify (or "spoof") the sender of an email. Furthermore, it is possible (and preferable) for someone to do so without any access whatsoever to the apparent (fake) sender's email account.

What this means: No, you've not been hacked, nor have our servers been hacked. It is extremely unlikely that any (my employer's name) facilities have been used to send this email, and for that reason, we are powerless to stop or mitigate this. Sorry. Please let me know if I need to explain further.

posted by deadmessenger at 4:38 PM on December 31, 2007 [2 favorites]


Hit "post comment" too soon on my last response. Usually the "explain further" would take the form of me visiting the complaining user's desk and using a simple telnet session to send an email to their account from some really unlikely email address: elvis@graceland.com, santa@northpole.gov were a couple of my favorites. Then, once the message was received a few milliseconds later, I would be able to show them what SMTP headers look like. That demonstration usually drove it home just how easy it was to fake an email, and gave the user a little more insight into spammer tactics.
posted by deadmessenger at 4:47 PM on December 31, 2007


Well, yes, they are showing up in my sent items and I've had MANY delivery failures listed.

This is the last message that was sent. Note: the listed http has been different in different messages.

snsranch@hotmail.com wrote:

try my own film
I've been browsed a selfmade website for uploading good pics and movies.There are my video contents on my new blog, Just for fun. http://blog.goldwindos2000.com/blog.html
posted by snsranch at 4:51 PM on December 31, 2007


Have you told Outlook Express your Hotmail password? Maybe someone's hacked your computer and is using some kind of automation to send messages?

Have you tried contacting hotmail support?

At least they aren't posting "your" film to Projects!
posted by aubilenon at 4:55 PM on December 31, 2007


No I don't use Outlook and haven't contacted support. There are no alternate addies listed. I guess I should just contact support.

Weird stuff. Let's see what happens.
posted by snsranch at 5:03 PM on December 31, 2007


Is the IP address on the sent items spam your IP address?
posted by Pants! at 5:04 PM on December 31, 2007


The fact that the msgs are in your sent mail changes matters entirely. My first guess after hearing that is that your account has been compromised in some way, likely through some piece of malware on your machine. The delivery failures don't matter - they're also a symptom of spoofing.

You may want to change your Hotmail password from another machine. One possibility that I'm thinking of here is that you have a keylogger on your box - if your machine is infected, it's possible that you may be giving your new password away when you change it or log in from that machine.
posted by deadmessenger at 5:21 PM on December 31, 2007


As Pants! suggests, you could probably tell quite a bit by carefully examining the headers of the "delivery failure" messages. There you can find the originating IP address and other interesting info. Look up IP addresses using something like this web site to find the name/owner of the IP addresses you find.

By way of comparison, send yourself an email (or several over a period of time--most large ISPs use different email servers at different times for a variety of reasons) via your hotmail account, examine the headers of that, look up the IP addresses you find.

As suggested above, what you will likely find is that the spam did not actually originate from your account at hotmail.
posted by flug at 5:25 PM on December 31, 2007
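The header comparison described in the answer above (read the Received chain of the suspect message, then compare it with a message genuinely sent from the webmail account), as an added example that is not part of the original thread. Both messages, all hostnames and all addresses are constructed (RFC 5737 ranges, `.example` domains), and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: spam whose From: line claims a webmail sender.
SPOOFED = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby mail.recipient.example with ESMTP; Mon, 31 Dec 2007 16:20:03 -0800
Received: from unknown-host (dsl-pool.isp.example [203.0.113.45])
\tby mx.recipient.example with SMTP; Mon, 31 Dec 2007 16:20:01 -0800
From: user@webmail.example
To: friend@recipient.example
Subject: try my own film

(body omitted)
"""

# Constructed baseline: a message the user really sent to themselves via webmail.
BASELINE = """\
Received: from out1.webmail.example (out1.webmail.example [192.0.2.10])
\tby mx.webmail.example with ESMTP; Mon, 31 Dec 2007 17:30:00 -0800
From: user@webmail.example
To: user@webmail.example
Subject: test

(body omitted)
"""

# "from HELO-name (reverse-DNS-name [IP])" as stamped by the receiving server
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([\d.]+)\]\)")

def hops(raw):
    """Return (helo, rdns, ip) per Received header, oldest hop first."""
    values = message_from_string(raw).get_all("Received", [])
    # Each server prepends its header, so the last one in the file is the oldest.
    return [m.groups() for m in map(HOP.search, reversed(values)) if m]

def origin(raw):
    """Oldest parsed hop, or None. Only hops stamped by a server you trust
    are reliable; anything older can be forged by the sender."""
    found = hops(raw)
    return found[0] if found else None

def matches_baseline(suspect, baselines):
    """True if the suspect's origin rDNS domain appears among baseline origins."""
    domain = lambda name: ".".join(name.lower().split(".")[-2:])  # naive: last two labels
    known = {domain(origin(b)[1]) for b in baselines if origin(b)}
    o = origin(suspect)
    return bool(o) and domain(o[1]) in known
```

A mismatch points to spoofing from an unrelated network; a match means the message left through the provider's own servers, which is consistent with the account itself being used.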


Ok, checking IPs.

Thanks a lot for the help guys! I really appreciate it.
posted by snsranch at 5:34 PM on December 31, 2007


If you have a keylogger installed, you might need to go to fairly extreme lengths to remove it - those things are designed to be hard to find, and often use rootkit techniques to hide themselves. Doing a malware scan from outside Windows is your best bet. I like the Trinity Rescue Kit for this.
posted by flabdablet at 9:13 PM on December 31, 2007


[IB's wife]

When I had this happen, it was because an ex was keylogging me. It was just lovely, because he was sending obscene messages to my entire family, as well as messages telling my new boyfriend that I was a fat bitch and would hurt him terribly. If your messages are more general spam, I'd imagine it's some sort of malware from a spammer. But if they seem at ALL targeted, suspect someone in your life.
posted by InnocentBystander at 3:59 PM on January 1, 2008


This thread is closed to new comments.