Hotmail Exploit? sjmyz.com RRS feed

  • Question

  • I run Live OneCare on my home network.  My wife uses Hotmail.com for her e-mail via IE7.  Her laptop is XP Pro SP3 with all the latest updates for IE and XP. 


    Yesterday I receive an e-mail with the subject "Hi" from my wife.  The message was a ad for sjmyz.com and included links to their website and e-mail which was a @yahoo.cn address and a hotmail.com address. 


    It was sent to everyone in her address book, so it obviously hijacked her address book and sent out a mass e-mail.


    My questions to the OneCare team:


    1. What exploit is this?
    2. Why didn't OneCare stop it and/or detect it?


    My wife's laptop OneCare status is "Green" and her last scan (09/09/08) came up clean. From the 2nd link it is obvious this exploit has been out since 08/11/08.


    I've performed a quick search and yielded the following sites:  the first from another poor soul whose address book was hijacked and the second is an exact replica of what my wife's e-mail read. 






    In case you don't want to click the links above (understandable) I've included the actual text below.  I have removed the hyperlinks because I didn't want anyone else to fall victim.


    Dear friend:
       We are an electronic products wholesale .Our products are of high
    quality and low price. If you want to do business , we can offer you
    the most reasonable discount to make you get more profits. We are
    expecting for your business. 

    Please visit our website: ----------

    E-mail : --------------
    MSN: ------------------


    Looking forward to your contact and long cooperation with us!
      Our mainly products such the phones, PSP, display TV, notebook,
    video, computers, Mp4, GPS, xbox 360, digital cameras and so on.
      Welcome to visit our website!

    Thursday, September 11, 2008 3:15 AM


  • If your wife uses Hotmail.com, then her contacts are on the web and it appears that her account may have been hijacked. Change the password immediately - http://account.live.com - and make sure it is a strong password, not easily guessed/cracked.

    Contact Windows Live Hotmail support - http://support.live.com - to report this.

    It isn't a OneCare problem as it was not initiated from her PC, but was an account hijack, unfortunately.



    Thursday, September 11, 2008 12:50 PM