Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Could the Microsoft Servers Be Infected?

Anything is possible. The more important question is, how likely is it?

by Leo A. Notenboom

It's tempting to blame the mail service for account hacks and vulnerabilities, but in fact that's rarely the case. Much more likely is that hackers gained access to individual accounts through more traditional means.

An Infected Server? — (Image: canva.com)

I tried to help someone whose computer had been infected by malware. After the computer was disinfected and before my friend even used that computer again, she complained that all her contacts (in her Hotmail Contacts list) suddenly started getting virus attachment emails which appear to be sent from her Hotmail account — even though she wasn’t using the previously infected computer — and wasn’t sending them anything. She is sure the other computers she is using are well-protected and “clean.” I had advised to her close the Hotmail account — but, nevertheless, it’s hard to believe the Hotmail servers are this vulnerable — and if they are, how can she be sure she won’t have this problem with another Hotmail account? There are additional issues, but first, I want to be sure this is really the root of the problem at this point: an infected account on the Hotmail server.

There’s probably a very simple, mundane explanation here: your friend’s account has been hacked. Someone else has access to it.

It’s not that Microsoft’s servers are vulnerable; it’s that your friend’s account was.

And that’s very common.

Become a Patron of Ask Leo! and go ad-free!

Microsoft servers infected?

It’s extremely unlikely that the servers of any major online service would be hacked. Much more likely are the many ways that individual accounts can be compromised or that malware can make it on to individual machines. Most important is that you implement all appropriate security measures for your equipment and online accounts.

Mail programs versus mail servers

First, realize that Outlook.com (Hotmail’s replacement) isn’t running mail software like you and I run.

Outlook.com and other mail services run custom software tuned for being mail servers. They’re designed to collect and deliver mail on behalf of thousands, if not millions, of customers.

The “address book” you see on screen is likely stored on Microsoft servers in a custom and undocumented format 1 that would be near impossible to reverse engineer without direct access to the Microsoft data center. To the best of my knowledge, no current malware has a clue how to do that.

I’m sure that Microsoft and Microsoft-related servers are some of the biggest targets for hackers on the planet. You can bet that these are some of the best-secured servers in existence. From industrial-strength firewalls to totally secured and locked-down data centers in undisclosed locations, Microsoft servers are well protected.

Finally, if there were any kind of a security breach or problem on the servers themselves, Microsoft would be all over it as fast as humanly possible. If necessary, it would take the service down to protect its customers.

So, no, I don’t believe Outlook.com or Hotmail itself has been hacked, or that the servers have any kind of malware infection.

Most likely: no malware at all

So where’s the email coming from?

By far the most common cause of the symptoms you describe is an account hack. Someone has somehow determined the sign-in credentials for the email account, signed into Outlook.com, and started sending email to the account contacts.

The only thing required is the ability to sign in to the account. That’s it. No malware involved, and certainly no malware on the Microsoft server itself. Malware may have been involved in determining the sign-in credentials, but that could have been something like a keylogger on your friend’s computer.

Or your friend’s computer may not have been involved at all. If they re-use passwords, then hackers may have gotten around to trying a password discovered elsewhere with this Hotmail account and been successful.

Still possible: malware

If malware is involved, it’s more likely that it captured the sign-in credentials as I described above, allowing the hackers to sign in to the account directly.

It’s not nearly as common as it once was, but malware has also been known to infect email programs on PCs. The malware would take control of Microsoft Office Outlook, Thunderbird, or others and send spam and malware. It’s pretty rare these days, though.

Also possible: it’s not you at all

It’s possible that nothing in your control or your friend’s control is involved at all.

Spammers can fake the “From:” line on the email that they send. It looks like it came from your Hotmail account, but in fact it came from somewhere else entirely. A quick look at the details of the mail header usually confirms this.

I’ve discussed this at length in an earlier article, “Someone’s Sending From My Email Address! How Do I Stop Them?!”

The result is your friends could be getting spam — perhaps carrying malware — that looks like it came from you, but in fact had nothing to do with you whatsoever.

Do this

Don’t jump to the conclusion that your service’s servers have been hacked.

Instead, review your own security measures. Protect your machines with good security software, and scan them regularly for malware.

Make certain your online accounts are protected with strong and unique passwords, and consider adding two-factor authentication for an extra level of security.

And of course, subscribe to Confident Computing! My newsletter helps you use technology with less frustration and more confidence, solutions, answers, and tips in your inbox every week.

Footnotes & References

1: Very likely in a large database using something like Microsoft SQL Server or similar.

23 comments on “Could the Microsoft Servers Be Infected?”

KH

May 11, 2006 at 9:26 am

“Finally, if there were any kind of a security breach or problem, you know that Microsoft would be all over it as fast as is humanly possible – taking the service down if necessary to protect its customers.

So, no, I don’t believe Hotmail has been hacked, or has any kind of infection”

I very much disagree with you. Hotmail finally admitted/confirmed that there was indeed a security breach and that someone had hacked into my account and was using my email address to send viruses to everyone in my contact list as well as any email addresses contained in messages in my inbox/folders. While my virus protection is updated, I have scanned my computer using the program suggested by MSN (nothing found), I have changed passwords and secret passwords on the account many times and have emptied out my entire hotmail account (contacts/messages). Despite this, messages are still going out several times a day to everyone (not just my contact list) – I know this because I am receiving the bounce backs from servers which have rejected the virus attachments as well as bounce backs from no longer valid addresses. I have been trying for three days to close the account entirely so that people at least will get a message saying the account is closed so people will know I have tried to take some action. Very serious breach – not just a random attack. I have since switched to gmail.
Reply
Leo

May 11, 2006 at 6:56 pm

Your account being hacked is NOT the same as the HotMail servers being hacked.
Reply
Jeff

January 4, 2007 at 2:04 pm

I do not know who is right, I do not want to argue with whom, I just want to get solution.

I have same problem as KH, even if I have not used
my Hotmail account for a couple of days.

It keeps sending some email to my contact list.
It is pretty buging me.

Do you guys have some solution or suggestion?

Thanks
Reply
Dan V A

March 11, 2007 at 1:12 pm

I keep getting an error message which keeps me from opening up email. But only on hotmail. I do not think hotmail has been hacked, I just can not open my email in my email account.

Dan [phone numbers removed]
Reply
pm

May 18, 2007 at 1:37 am

1,600 personal emails in my hotmail account somehow recently “appeared” in the account of a boyfriend. How could this possibly have happened? They had no physical access to the computer (it was another friend’s computer that I was using when this happened). My mind is blown away! Is this hotmail’s fault?
Reply
dlw

July 27, 2007 at 8:50 am

I disagree also about hotmail servers possibly vulnerable to attack, only because I do not believe in coincidences. Just this a.m., I tried to access hotmail and my av program told me there was a virus but it had been stopped before getting to my pc. (My acct. was open, but none of the mail was open) A scan revealed nothing, thankfully. Yet later the same morning, when I tried to even open hotmail, the server was suddenly unavailable. In 4 yrs of using hotmail, I don’t remember a server for them ever being down when I tried to access it. Not to say it hasn’t happened, just not to me. Now all of a sudden, just after my protection tells me somesthing’s amiss, the server mysteriously goes down… I don’t believe in coincidence.
Reply
Gloria

July 28, 2008 at 9:41 pm

I have had a hotmail account for years been usding it signing on this account many times, but when I go to sign now everything is in error and I know it is the right username and password but I am not told it is invalid, why?
Reply
Karen

October 8, 2008 at 11:18 am

I tried to log into my email last night and it said my password was incorrect. I log into my account every day, multiple times a day and I know my password. I have no way to get it reset because I never set up any security questions. I sent Microsoft an email on the help site and am waiting for a response. However, from reading these boards, it looks like there are other people that have had this same problem.
Reply
Jenny Wrenn

December 16, 2008 at 4:36 pm

My hotmail account problem is not from those spamsters imitating my “from” email but something else that no one seems to have mentioned yet. An ad to buy computers has invaded my email and pops up in my “send” or “reply” modes. I can delete it but it comes back. I can’t tell if it is tacked on to my emails but I suspect that. I downloaded the html code but this tells me little –just that the code has become imbedded somewhere. Microsoft hasn’t acknowledged my complaint. I won’t use hotmail to send emails anymore. I’ll use another account.
Reply
Dorothy Lynch

March 2, 2009 at 9:55 am

every time I pull up my email an icon appears telling me a virus is trying to get in the “back door”. What do I do? I have full coverage with the AVG security system & it says no virus detected. Yet feom time to time an email gets through with x-rated title (which I do not open, I delete it.
Reply
Jay

February 1, 2010 at 9:19 am

my mail keeps sending a message off of contacts. every time i turn my pc off then on a message is sent that i didn’t send.
Reply
joanna smith

February 8, 2010 at 10:32 am

I have recently been recieving delivery statis notifications that say it has attatchments, well I am not sending these and it has been sent to everyone in my contacts. It has attatchments for advertisements for various product, especially medications. I have run a scan and know I do not have a virus. How do I stop this from happening?
Reply
Al Foster

February 14, 2010 at 9:12 pm

for the second time and email was sent to various email address of mine says undelivered. Also advertisement for Vagra and other drugs attached. This is the second time with in 1 month…. Help please…. and thanks…
Reply
Al Foster

February 14, 2010 at 9:16 pm

For the second time in about 1 month I have receive the statement … that unable to deliver .. old address and even some of persons I dont know… HELP PLEASE…..Thanks
Reply
salmon

February 20, 2010 at 2:49 am

I had the problem with the hotmail virus which send email to all in your contact list & then it deleted all my contacts! Thereafter I received very rarley e-mail. what the do is they change your junkmail settings, all your emails go straight into the junkmail because only e-mails from your contact list (which is now deleted by the virus!) go into your inbox. They also change the settings that alll your junkmail are deleted straight away!!! Therefor I got alsmos to e-mail!

Please spread the message to check your junkmail settings!
Reply
Dennis P. Habern

March 18, 2010 at 9:24 am

As of yesterday, I have lost the capability to
delete unwanted messages. I can still receive
and send messages, but when I send messages, it
takes at least 1 minute for the computer to
complete the transaction. When I attempt to delete
a message, a computed generated message comes
across the the screen and indicates this:

“There was a problem with windown live Hotmail
Service (a temporary network connectively issue
that has nothing to do with your computer).
Please try again.

In addition, a few weeks ago, I received an
e-mail message request, appearing to be from
Hotmail, asking for all my persnal data. I
refused the request. Therefore, could this be
the same person that initiated the personal
info request, that has the capability to now
cause the problem in which I cannot eliminate
unwanted messages?

Thank you.

Sincerely,

Dennis P. Habern, Msgt, USAF, Retired
Reply
Louche

May 18, 2010 at 9:24 am

The answer is obvious. She uploaded an infected file to her hotmail account while it still had a virus on it. Happened to me, too.
Reply
britney jones

November 28, 2010 at 4:05 pm

Leo you evidently do not know as much as you think. When you said it isn’t the hotmail how do you explain my hotmail account sending out virus laden emails to all my contacts while the power was out to the house and the computer was off due to an ice storm. With no battery back up and the power completely off emails were sent from my hotmail account. So of “GREAT ONE” explain that.

No problem – someone has hacked into your account, and logged in from their working computer to send out that malware and spam. This is happening A LOT right now – yours is not the first report. The Hotmail servers themselves have not been hacked.

29-Nov-2010

Reply
linda kincaid

March 2, 2011 at 11:08 am

I’m having trouble reading my emails. I pick unread emails but it still doesn’t let me read what the email says. Help me.
Reply
Dana Karl Hall

May 5, 2011 at 6:11 pm

Hotmail/Live Mail mainframe computers have been hacked since early April 2011. I reported this significant breach to Microsoft, including the identification of the hacker. Microsoft gave me a new Hotmail email address, much like the old one. Microsoft is working quickly to correct this major problem affecting all Hotmail/Live Mail accounts.

You sure it wasn’t just an account that was hacked? Giving you a new Hotmail address is just opening up a new account. I’d have to see a lot more proof before believing that the Hotmail servers have been hacked.

05-May-2011

Reply
Helen Butts

May 10, 2011 at 8:09 pm

when i sign into my hotmail ,a page comes up telling me my hotmail account has been cancelled due to perhaps a hacker sending spam in my name.as of now i have no hotmail account and have no idea what to do about itplease help.by the way the spam is still being sent to all my contacts .

That’s this article: What are my Lost Hotmail Account and Password Recovery Options?

10-May-2011

Reply
Was Hotmail

March 19, 2012 at 7:03 pm

I believe the Hotmail server is infected. My account has had the computer equivalent of AIDS for months. I opened a gmail account and no problems with it. I wiped out all my contacts in the Hotmail account and it started juse sending spam to me. When I changed the name in my profile frrom my name to MSN Hotmail virus the spam started comming from MSN Hotmail virus. I will never trust Hotmail again.
Reply
Angela J.

May 8, 2012 at 3:15 pm

Help! I just got an email that says it’s from the “Hotmail Customer Service” saying that they are switching the servers over to new servers & that my email will be deleted if I don’t update my info. I was suspicious, so I did a little research. But came up blank. What do you think?? Here is a copy of the email—

Welcome to Hotmail.
Windows MSN Hotmail is faster, safer than ever before and filled with new ways to stay in touch. Due to increased spam and phishing activities globally, a DGTFX trojan virus has been detected in some of our servers. Your email account server will be upgraded with our new secure 1024-bit RSA key anti-virus firewall to prevent damage and spread of the virus. Click your reply tab, fill the columns below and send back to us for confirmation of the upgrade or your email account will be terminated to avoid spread of the virus.

* User Name:……………………………………..

* Password:……………………………………….

* Confirm Password:……………………………

* Country Or Territory: …………………………

Note that your password will be encrypted with 1024-bit RSA keys for your password safety.
YOUR DETAILS WILL NOT BE SHARED.

Find out what else is new or coming soon to Hotmail.
* You are receiving this message from Windows Live because you are a valued member. Microsoft respects your privacy. To learn more, please read our online Privacy Statement. For more information or questions regarding your e-mail account, visit Windows Live Hotmail Help.

Microsoft respects your privacy. Please read our online Privacy Statement.
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA  2012 Microsoft Corporation. All rights reserved.

I tried calling Microsoft on the issue as well, but they don’t give Hotmail help over the phone. Any help will be appreciated. Thank you, Angela

The message you’ve received is a common phishing scam. You should ignore and delete it. You will not lose your account. This article covers the topic in more detail: Is Windows Live Hotmail about to close my account?

09-May-2012

Reply