Kasha

Russian Spammer using Hacked Hotmail Accounts

Oct 24th, 2010
This is a spammer that emailed me from a friend's hacked Hotmail account:

Delivered-To: **********ME********
Received: by 10.227.139.207 with SMTP id f15cs133852wbu;
        Sun, 19 Sep 2010 21:59:29 -0700 (PDT)
Received: by 10.150.11.9 with SMTP id 9mr8441901ybk.295.1284958767581;
        Sun, 19 Sep 2010 21:59:27 -0700 (PDT)
Return-Path: <****hacked*email*account****@hotmail.com>
Received: from bay0-omc1-s16.bay0.hotmail.com (bay0-omc1-s16.bay0.hotmail.com [65.54.190.27])
        by mx.google.com with ESMTP id q5si4959682ybe.79.2010.09.19.21.59.27;
        Sun, 19 Sep 2010 21:59:27 -0700 (PDT)
Received-SPF: pass (google.com: domain of ****hacked*email*account****@hotmail.com designates 65.54.190.27 as permitted sender) client-ip=65.54.190.27;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of ****hacked*email*account****@hotmail.com designates 65.54.190.27 as permitted sender) smtp.mail=****hacked*email*account****@hotmail.com
Received: from BAY146-W12 ([65.54.190.61]) by bay0-omc1-s16.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
        Sun, 19 Sep 2010 21:59:14 -0700
Message-ID: <BAY146-w12D9F760E96DDE2ECFF2AB9E7E0@phx.gbl>
Return-Path: ****hacked*email*account****@hotmail.com
Content-Type: multipart/alternative;
        boundary="_b40bc0c4-9e26-490f-9866-1fa4ad70f9db_"
X-Originating-IP: [186.61.0.106]
Reply-To: <****hacked*email*account****@hotmail.com>
From: w******* P********* (real original owner's name) <****hacked*email*account****@hotmail.com>
To: <**********ME********>
CC: 26 of his contacts (that might be all he had)
Subject:
Date: Sun, 19 Sep 2010 21:59:13 -0700
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 20 Sep 2010 04:59:14.0396 (UTC) FILETIME=[924FE9C0:01CB5880]

--_b40bc0c4-9e26-490f-9866-1fa4ad70f9db_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

http://angelfire.com/murphyjedypa/lypagy.html Telecomminicatung from ohme a=
nd earn big monye
=

--_b40bc0c4-9e26-490f-9866-1fa4ad70f9db_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<style><!--
.hmmessage P
{
margin:0px=3B
padding:0px
}
body.hmmessage
{
font-size: 10pt=3B
font-family:Tahoma
}
--></style>
</head>
<body class=3D'hmmessage'><a href=3D'http://angelfire.com/murphyjedypa/lypa=
gy.html'>http://angelfire.com/murphyjedypa/lypagy.html</a> Telecomminicatun=
g from ohme and earn big monye<br> </body>
</html>=

--_b40bc0c4-9e26-490f-9866-1fa4ad70f9db_--


Please take note that the spam email tells you to visit:
http://angelfire.com/murphyjedypa/lypagy.html

The problem with that site is this first line of code:

<script type="text/javascript">
window.location = "http://redirectservice.ru/business/2010-live70/"
</script>

You can see that the code causes you to be redirected from that angelfire link to a Russian site.

I am contacting Lycos about the spam on Angelfire because Lycos owns Angelfire, and going to Angelfire support refers me to Lycos.
This is the page I am referred to:
http://info.lycos.com/copyright.php

Also, the way to see the spam site itself and its redirection code (only do this if you are an experienced spam fighter, or you may endanger your computer / security) is to view it only in http://web-sniffer.net/

I also viewed it sandboxed to see the redirect, since I have a script blocker on (I didn't want to disable it without first checking out the security of the site it would redirect me to), and took a picture and uploaded it here:

http://imgur.com/Aitpt.jpg
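
The two checks described in the paste above, reading the link out of the message and reading the redirect out of the page source without a browser running it, as an added Python example that is not part of the original paste. The message, page source, hosts and IP are constructed placeholders and the function names are illustrative; note that the quoted-printable soft line break splits the URL, so the part has to be decoded before links are extracted.

```python
import re
from email import message_from_string
from urllib.parse import urljoin, urlsplit

# Constructed sample shaped like the message above (placeholder hosts and IP).
RAW = """\
From: Friend <friend@example.org>
X-Originating-IP: [203.0.113.7]
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<body><a href=3D'http://pages.example/abcdefgh/lan=
ding.html'>click</a> earn big money<br></body>=

--b1--
"""
# Constructed landing-page source with the same kind of script redirect.
PAGE = '<script type="text/javascript">\nwindow.location = "http://redirect.example/business/"\n</script>'

URL_RE = re.compile(r"https?://[^\s'\"<>]+")
REDIRECT_RE = re.compile(
    r"\blocation(?:\.href)?\s*=\s*[\"']([^\"']+)[\"']"
    r"|\blocation\.(?:replace|assign)\(\s*[\"']([^\"']+)[\"']", re.I)

def message_urls(raw):
    """Decode every text part (undoing quoted-printable) and return unique URLs."""
    urls = []
    for part in message_from_string(raw).walk():
        if part.get_content_maintype() == "text":
            charset = part.get_content_charset() or "latin-1"
            body = part.get_payload(decode=True).decode(charset, "replace")
            urls.extend(URL_RE.findall(body))
    return list(dict.fromkeys(urls))

def script_redirects(html, page_url):
    """Find location assignments in the source as text; flag a change of host."""
    page_host = urlsplit(page_url).hostname
    found = []
    for m in REDIRECT_RE.finditer(html):
        target = urljoin(page_url, m.group(1) or m.group(2))
        found.append((target, urlsplit(target).hostname != page_host))
    return found

def originating_ip(raw):
    """Return the webmail client address from X-Originating-IP, if present."""
    return (message_from_string(raw)["X-Originating-IP"] or "").strip("[] ")
```

Running `URL_RE` over the undecoded message returns a truncated link ending in `lan=`, which is why a plain text search of raw mail can miss or mangle the URL.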