In the following screenshot you can see a spam mail that only includes a link, it is very likely that you have ever received a similar one, sending from the address of a friendly contact:
(click to see larger)
These emails are automatically sent from compromised email accounts or infected computersGenerally, with the links they promote pages of spam products (viagra, watches, dating sites, etc.) and in some cases they seek to infect with fake antivirus and malicious downloads.
This is a common practice for spammers to take advantage of contact lists, avoid spam filters and improve the campaign effectiveness, because it is not the same to receive a link from an unknown email than from the address of a friend, beyond that some users click on everything or not.
Hotmail accounts are more stolen than Gmail accounts:
A couple of days ago the security company Commtouch published a report on the most common Internet threats in the last 3 months, spam is obviously one of them and within the data they disclose is the following graph:
Spam sent from real and fake Gmail and Hotmail accounts is compared.
Almost 30% of the spam sent with Hotmail was made from compromised accounts, that is, real emails that were stolen and are used by spammers (what I said at the beginning). While in Gmail most spam was sent from fake or made-up accounts, a technique also known as email spoofing.
It is interesting to see the difference in stolen accounts between the two services, in general Gmail users have a more advanced profile than Hotmail users, that is possibly one of the factors that influences this difference.
Also, Hotmail users are more likely to enter their passwords anywhere because of who sees who supports or removes them, the MSN worms that infect computers must also play their role.
What to do if your account is used to send spam?
Change the password and perform a full scan of the PC for viruses.
See also: Compromised Account – Unauthorized access to the Hotmail account. 10K of traffic per day is about 180 thousand dollars per year for a cybercriminal.