Researchers at Trend Micro revealed an active cyber attack targeting Hotmail users, which only requires that the victim preview the message in their browser in order to launch malware.

During the attack, victims are sent a message that appears to be from the Facebook Security Team. However, upon previewing the message, users automatically downloaded a malicious script from a remote URL, which is then injected directly into the Web page and initiates data theft.

The script then swiped the content of confidential e-mail messages and contact information, as well as forwards victims’ e-mails to a specified address, presumably that of the attacker.

Unlike other mass attacks, this one appears to be targeted to each user’s Hotmail ID.