Hotmail compromised - possible via local computer?

Golden Ape · 18 Jul 2010 at 15:07

Afternoon all. So I've just got back from holiday to find that my girlfriend's hotmail account has been hacked (well I assume it has) and I can't figure out how, one possibility being that the computer we both use (Win7) is compromised.

So this is what happened. Apparently everyone in her address book has received an email purporting to come from her and directing them to a site tradeshopping888.com to get cheap iphones. According to google this is a well known scam and URL. As far as I can tell everyone in her hotmail address book has received the email but going looking at hotmail now this email doesn't appear in the 'sent email list'. What I can't figure out is how this was done. Either the hotmail account was compromised (the password was quite strong and wasn't changed after the attack) or her address book was obtained from elsewhere and the email address spoofed. Which started me worrying about our local machine, though there's no sign of trojans/key loggers etc on that.

Should I be worried? How was this done?

theheyes · 18 Jul 2010 at 15:10

The first thing I would do is change the password from a known good computer.

The account could have been compromised from another PC - did she check her emails while on holiday? Items not appearing in the sent box is not unusual.

Whether you PC is malware free is another issue. What makes you believe there isn't an infection?

Bint Box · 18 Jul 2010 at 15:17

If she checked her email overseas in an Internet Cafe or Hotel etc I think that there is a fair chance that is the cause of it.

Rgds
Binty

demonix · 18 Jul 2010 at 15:20

My guess is that either your GF uses the password for that hotmail account on another site (which uses an e-mail address as a user ID ) and that site was compromised to send ID's and passwords to a third party who then use that e-mail address for a one shot spamming (they do tidy up after themselves which is why there's nothing in the sent mail folder), the password was cracked by the hackers themselves, or your GF was stupid enough to fall for a phishing scam (and I hope this wasn't the reason) and they got the password that way.

Either way changing the password would be the best bet just in case they try and get back into the account (although I have seen a few other hotmail accounts that have been compromised myself).

Destination · 18 Jul 2010 at 15:21

Agree with binty.

Golden Ape · 18 Jul 2010 at 15:24

Thanks for all the input. I don' think it was a secondary computer (we were staying in a yurt with no electricity!) and as far as I know she hasn't checked her mail on a public machine for a long time. As for our home machine I'm currently using microsoft's free virus checker (hmm which might not be very good - really should install nod32 again - I'll check now with housecall).

Golden Ape · 18 Jul 2010 at 15:26

I think demonix is most likely right, the password she used (it's now changed) has been used on other sites, possibly in conjunction with her hotmail password. I've seen it happen once before to a friend and I think the same explanation is probably right.

flapcats · 19 Jul 2010 at 14:52

Another friend just got one of these emails from a colleague, so it's probably a mass-thing rather than a one-off with the OP's gf.