Thanks to fdiaz2day for posting this in the BPN.
A new--but not well known--Microsoft vulnerability is being exploited by spammers, creating even more junk mail in your inbox.
Microsoft has a terrible record of deploying features without thinking through the security implications thereof--and responding slowly when problems are discovered. Well, here we go again. In recent releases, Microsoft implemented tighter integration between the Outlook Express mail client and their Hotmail free email service. The WebDAV (Distributed Authoring and Versioning) protocol is used to submit email to the Hotmail servers.
Microsoft often protects their systems with a security technique called the "we'll keep it sooper sekrit and maybe the bad guys won't figure it out" security method. It appears this may be the method they used to protect the Hotmail servers from breaches in the DAV interface. Well, guess what? The spammers cracked the interface, and are now using it to programmatically generate a metric buttload of spam.
Microsoft has created a grave spam threat with this vulnerability. Hotmail has always been a problematic spam source. The saving grace has been that the spam had to be transmitted manually, through a web form, so the sending rate was limited by how fast the spammer could cut-n-paste. Now that Microsoft has provided this new programmatic interface for spammers, that limit has been removed. Spammers may now script their spam runs--and they do--which has created a huge increase in spam transmitted by Hotmail. Out of my last 25 Hotmail spams, 2 were transmitted by web form and the rest by the DAV exploit: a 2200% increase!
News source: Slashdot.org