IDG News Service - Criminals recently spent more than a week siphoning e-mail messages from Hotmail users' accounts, thanks to a programming bug in Microsoft's website.
The flaw gave hackers a way to read and steal e-mail messages from Hotmail users, and according to security vendor Trend Micro, that's exactly what they did, sending specially crafted e-mail messages to several thousand victims.
On May 12, Trend Micro found a message sent to a victim in Taiwan that looked like a Facebook notification alert. The Chinese-language e-mail seemed to be warning victims that someone had accessed their Facebook accounts from a new location.
In fact, it was a ruse. Buried inside the e-mail message was a specially written script that forwarded the victim's e-mail messages to the hacker.
For the attack to work, the victim had to be logged into Hotmail, but the script would run even if the victim simply previewed the message. The attack worked because Microsoft had a common Web programming error, called a cross-site scripting flaw, on its website.