Hotmail flaw allows attackers to exfiltrate emails
Posted on 24 May 2011.
The analysis of a recent targeted attack against webmail users has led Trend Micro researchers to discover a vulnerability in Microsoft's Hotmail webmail service that allowed attackers to siphon contact details and email messages from the victims' accounts.

To trigger the attack, the victim wasn't required to click on a link or download and execute an attachment - simply opening the message would do the trick and a script embedded in the email would automatically be executed.

The script would then connect to http://www.{BLOCKED}eofpublic.com/Microsoft.MSN.hotmail/mail/rdm/rdm.asp?a={user account name}{number} to download yet another script.

"The nature of the said URL strongly suggests that the attack is targeted," say the researchers. "The URL contains two variables—{user account name}, which is the target user’s Hotmail ID, and {number}, which is a predefined number set by the attacker. The number seems to determine the malicious payload that will be executed, as we’ve found that the information theft routines are only executed when certain numbers are in the {number} field.

This second script takes advantage of a script or a CSS filtering mechanism flaw present in Hotmail to send out a request to the server that makes it forward all the stored emails to a predefined email address belonging to the attackers.

The good news is that once the user logs out (i.e. terminates the session) the email forwarding stops. Another good news is that Microsoft has been apprised of the situation and has already implemented a patch for the flaw.






Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //