The Register® — Biting the hand that feeds IT

Feeds

Exploited Hotmail bug stole email without warning

Attacks targeted email contents and contacts

Cloud based data management

Microsoft has patched a bug in its Hotmail email service that attackers were exploiting to silently steal confidential correspondences and user contacts from unsuspecting victims.

The vulnerability was actively being exploited using emails that contained malicious scripts, Trend Micro researcher Karl Dominguez said Monday. Successful attacks required only that a Hotmail user open the malicious email or view it in a preview window. The commands embedded in the emails uploaded users' correspondences and user contacts to servers under the control of attackers without requiring the victim to click on links or otherwise take any action.

The scripts also also had the capability of enabling email forwarding on the targeted Hotmail account, allowing attackers to view emails sent to the victim in the future.

Trend Micro researchers learned of the in-the-wild attacks after a colleague in Taiwan received one of the booby-trapped emails. The email purported to be a security warning concerning the victim's Facebook account.

Trend first disclosed the bug on May 13. Monday's blog post said Microsoft has since plugged the hole, which resided in CSS, or cascading style sheet functionality, but didn't say when.

"The attack takes advantage of a script or CSS filtering mechanism bug in Hotmail," Dominguez wrote. "Microsoft has already taken action and updated Hotmail to fix the said bug."

The vulnerable code helped inject a character into a Hotmail filtering mechanism that changed the way it behaved. The result was a platform that ran arbitrary commands in a user's Hotmail login session.

It's unclear how many Hotmail users may have been affected by the exploits and whether Microsoft has adequately warned users they may have been compromised. Microsoft spokesman Bryan Nairn wouldn't say how many subscribers were targeted or when the patch was put in place. ®

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

Clearly...

... Microsoft has once more been attacked because it is so popular and dominant in the marketplace, and not because of any security failings per se.

2
0

Which Industry?

Methinks the Swiss Cheese Industry

2
0
Anonymous Coward

Still Happening

Found a pile of bounced mail in my account today. So I dont think its fixed yet. I havent signed on via any compromised machines. Last time I changed my password about 3 times and still had it happening.

0
0

More from The Register

 breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
 breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
Flash flaw potentially makes every webcam or laptop a PEEPHOLE
But it's a Google problem - Chrome only, insists Adobe
Internet fraud still stings suckers
Australians twice as gullible as Americans
 breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
 breaking news
Yahoo! joins! rivals! in! PRISM! data! request! admission!
Keep calm and carry on using American tech firms, folks
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
 breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?