10 Jun 2003
Spammers are exploiting a little-known vulnerability in Microsoft's Hotmail service to send more junk mail automatically.
According to an advisory posted last weekend by Chip Rosenthal, of US systems developer Unicom, spammers have cracked the Web Distributed Authoring and Versioning (WebDAV) interface, which is used to send email to the Hotmail servers.
Although Rosenthal concedes that the small amount of spam coming through with a DAV message header suggests that only a few spammers have exploited the vulnerability, he believes that it is only a matter of time before others catch on.
"Hotmail has always been a problematic spam source," he said. "The saving grace has been that the spam had to be transmitted manually through a web form, so the send rate was limited by how fast the spammer could cut and paste."
But with the WebDAV interface, spammers can script a junk mail run so that it is sent automatically, increasing the amount of spam they can send out.
"Microsoft is allowing anybody to relay email - with forged headers, no less! - through the Hotmail servers," said Rosenthal.
The software giant has taken steps since evidence of the WebDAV flaw first appeared in March.
It has limited the number of email addresses a user can target to 100 in any 24-hour period, and has upgraded Hotmail with extra anti-spam tools.
But Rosenthal warned that as more spammers learn of the vulnerability, the deluge of spam will increase.
Microsoft was contacted but unable to comment.
password theft at hotmail
I had an e-mail ID at Hotmail. On January 10, a few of my friends received e-mail from my ID requesting that I (myself) am ill and am in Nigeria. He has asked them to deposit money so that I may be cured. On January 11, when I was trying to open my ID, every time I received a message that the password is incorrect. I guess that my ID has been hacked.
Posted by: ajai srivastav 12 Jan 2008