Hotmail repeatedly Hacked

I have a Hotmail account which I use for a lot of my communications due to convenience.  Lately, it has been getting hacked on a regular basis.  I change the password every time, but it's happened at least a few times in the last two months.

Basically it sends out mass email spam links to all of my contacts from my account (not a spoofed reply-to message).  As these are friends, family, and business contacts, this is embarrassing and I would like to put an end to it and hopefully retain this email account.

This happens when I am not on any of my computers.  All of them have anti-virus software installed.  Am I leaving some sort of door open for these attacks?

Thanks in advance!
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Are you using a strong password? Something like Pa55w#rd instead of password.

Are you using wireless internet?

What AV / malware scanners have you used to verify your machine is clean?
Paul MacDonaldDirector, Information SystemsCommented:
Possibly.  Have you run a rootkit detector on your personal machine?  Have you considered using a different machine for a while to see if the problem goes away.

If I were in your shoes, I'd be less worried about my HotMail account and more worried about my bank account (if you do any finanical work online).

How certain are you the headers aren't just being spoofed?  Does the hacker change your HotMail password?  

Do you have another e-mail address you use for password recovery at Hotmail?  If so, is that still correct at HotMail?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
chrisyanoAuthor Commented:
According to Hotmail, each successive password is "Strong".  I do use wireless internet but on secured networks (ie, password-protected routers).  My PCs all have either AVG or McAfee running.

Admittedly, the scans may not be up to date on my McAfee machines because these are work machines and they take forever and slow down the machine.  Unless this is an indication of a virus?

I do have a Macbook Pro, which runs Parallels (also with AVG).  The Mac side, however, is not secured as running AVG for Mac caused too many problems with other devices.

Cloud as a Security Delivery Platform for MSSPs

Every Managed Security Service Provider (MSSP) needs a platform to deliver effective and efficient security-as-a-service to their customers. Scale, elasticity and profitability are a few of the many features that a Cloud platform offers. View our on-demand webinar to learn more!

chrisyanoAuthor Commented:

I don't know much about rootkit detectors, but I am open to trying that.

As for financial work--I check those fairly regularly and haven't had issues to date.

I'm not 100% certain about it not being a spoofed header, however, the emails do seem to be generated from my account (there are "sent" messages in my sent mail folder).

The password recovery email addresses are still correct.
Paul MacDonaldDirector, Information SystemsCommented:
A rootkit (a low-level hack of the operating system) won't show up with a typical antivirus scan, so I advise running something like Rootkit Revealer ( or its ilk.

Also, if you can just use one machine or the other for a week or two to see if the problem disappears, that will go a long way toward determining if the problem is machine specific.
chrisyanoAuthor Commented:

I will run the one you linked.  

Unfortunately, there are two machines that I must use for work purposes (each serves its own purpose in my business), and the third is my personal laptop which gets some usage as well.  That makes using only one machine for a couple of weeks basically impossible--unless you are referring to internet usage only.
Paul MacDonaldDirector, Information SystemsCommented:
I mean only access HotMail from one machine.  If the hacking stops, that machine is probably not a suspect.  Move on to another and try it for a while.  If the hacking still doesn't repeat, it's likely the last computer is the issue.
chrisyanoAuthor Commented:
Oh, OK.  I can limit Hotmail to one PC without too much difficulty.  In the meantime I will be running those rootkit detectors on two PCs and perhaps my Macbook's Windows as well.
madunix (Fadi SODAH)Chief Information Security Officer Commented:
Change passwords regularly and use strong one and always use different passwords for different services (facebook, yahoo, twitter, forums...)
chrisyanoAuthor Commented:
I am currently running the rootkitrevealer on one machine.

I do change passwords frequently, but I will admit that I use a handful of them for multiple sites.  Thing is, it seems only Hotmail gets hacked so I haven't been all that worried about the others to date.  Thanks for the input.
chrisyanoAuthor Commented:
Thanks.  I am going to post my results from the Rootkit Revealer once it finishes its scan.  So far it doesn't look like any issues, but I will repost another question with a fresh point award for more help.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.