Microsoft Hotmail Exploit Stealing Email – What’s the Exposure?

Matt Keil



When asked what personal email you use, most will immediately reply with Gmail, Facebook Mail, or Yahoo Mail while a select few of us will admit to using Microsoft Hotmail. Why? Speculation would be that it is because Hotmail is viewed as “old” and “klunky”. But that is pure speculation.

So when Microsoft admitted that a Hotmail exploit is stealing email, many may have replied, "Well, so what? No one uses Hotmail anymore, right?"

Wrong!

Data from the most recent Application Usage and Risk Report (May 2011) shows that Hotmail, and email in general, generated these impressive statistics:

  • 56 email variants were found in use, collectively consuming 5.4% of the overall bandwidth observed (1.5 exabytes).
  • Webmail, defined as those email applications most commonly used for personal use and supposedly dying due to the explosive growth of social networking, has shown a 5-fold year-over-year increase in usage based on the percentage of bandwidth consumed.

  • Hotmail is the 3rd most frequently used email program with only Gmail and the mail protocol SMTP found more often.
  • Hotmail is the 4th most heavily used email application in terms of bandwidth consumed. Hotmail consumed 173 Petabytes of bandwidth, which amounts to 1% of the overall traffic observed and, more impressively, 12% of the total email traffic observed. Only Gmail, Exchange, and SMTP consumed more bandwidth.

| Email Program Found | Bandwidth Consumed (in Petabytes) | % of Total Bandwidth Observed | % of Email Bandwidth Observed |
|---|---|---|---|
| SMTP | 469 PB | 2% | 31% |
| MS-Exchange | 254 PB | 1% | 17% |
| Gmail | 213 PB | 1% | 14% |
| Hotmail | 178 PB | 1% | 12% |

So to say that the risk is low because no one uses Hotmail is presumptuous, and as the article comments referenced above indicate, Hotmail is indeed used by corporate customers as their business email system. Additionally, employees are known to, for whatever reason, use their personal email accounts for business purposes. Regardless, the exploit is significant. The response to the public appears to be insufficient.

Note: The Application Usage and Risk Report (7th Edition, May 2011): The report summarized 1,253 traffic assessments performed worldwide between Oct 2010 and April 2011. Total bandwidth observed was 28 exabytes and the number of applications discovered was 1,043. Frequency indicates that the application used was found at least once during the assessment.
