Hotmail definitely has its problems, but this probably isn’t one of them.
While someone’s got a virus, it’s not Hotmail/Outlook.com. And it’s probably not you.
But it might be someone you know.
Become a Patron of Ask Leo! and go ad-free!
Mail programs versus mail servers
First, realize that Outlook.com (Hotmail’s replacement) isn’t running mail software like you and I run. Outlook.com, and other mail services, run custom software that is tuned for being mail servers – for collecting and delivering mail on behalf of customers. The “address book” that you see on screen is most likely stored on the Hotmail servers in a custom and undocumented format that would be near impossible to reverse engineer without direct access to the Microsoft data center. None of the current sets of viruses would have a clue as to what to do with it.
That brings up another argument against Hotmail being hacked: for many, many reasons, I’m sure that Microsoft and Microsoft related servers are some of the biggest targets for hackers on the planet. You can bet that these are some of the best secured servers in existence. From industrial strength firewalls to totally secured and locked down data centers in undisclosed locations, Microsoft servers are exceptionally well guarded.
Finally, if there were any kind of a security breach or problem, you know that Microsoft would be all over it as fast as is humanly possible – taking the service down if necessary to protect its customers.
So, no, I don’t believe Outlook.com or Hotmail has been hacked, or has any kind of infection.
If not Outlook.com, then where?
So where’s the mail coming from?
It’s much more likely, and in fact very common, that another PC belonging to a regular computer user has been infected with a virus. In fact, I’ve seen some incredibly high estimates of the numbers of infected machines that are sending out spam and viruses. One of the things that these spam-sending zombies do is fake the “From:” line on the email that they send. It looks like it came from your Hotmail account, but in fact it came from somewhere else entirely. A quick look at the details of the mail header usually confirms this.
I’ve discussed this at length in an earlier article “Someone’s sending from my email address! How do I stop them?!“.
The bottom line is that there’s actually little to be done other than, as you have already, make sure that your machines are protected and scanned regularly for spyware and viruses making sure that the scanners are up to date, using a firewall, and using common sense with a liberal dose of skepticism.