Need to blow some steam...

Homebrew Talk - Beer, Wine, Mead, & Cider Brewing Discussion Forum

Erythro73

So, I was coming home from work at about 7:10, because, well, there was a nice little party to congratulate a friend who just finished his Ph.D. in physics. We drank some wine, champagne, ate some cheese... before I headed to my home where SWMBO was waiting for me. I arrived at 8:00, we ate and then we watched a little bit of TV and then I logged on to my Gmail account.

Well, I had about ten e-mails saying that the emails I sent at 7:20 couldn't be sent to some e-mail addresses. Wait... the emails I sent at 7:20? I wasn't even in front of a computer at 7:20.

So yeah, a little guy (Albania (79.106.109.77)) spammed my friends using my Gmail account. A kind of nonsense URL, all ending in .co.cc (with a bizarre and different name for every email sent). Oh, my friends? Well, they'll understand.

Wait... no, no, my entire ******* contact list, which, on Gmail, is updated automatically with every incoming email. And I've had this email address for some time now (7 years). Which means I have a lot of contacts. And that means the boss, and ex-bosses. And friends, ex-friends, some old woman at the university I emailed to get some information, some student I was a Teaching Assistant to (who emailed me to get some help), my mother, brother and sister, uncles, aunts, etc.

Yeah, I had real fun writing back to everyone "Hey, don't read my last email, I fell prey to some hacker-spammer blablabla". And this also has the problem that old friends email me back "Heh! Long time no see! I'm sorry we don't talk much, what happens with you?". From some friends, that's nice. From some others, well, I didn't recontact them for a reason.

I just don't understand how it happened. I changed my password, my secret question, and I'm performing a full system scan using MSE. Will follow with Ad-aware and maybe AVG to see if the problem is caused by a known malware.


DIE, ******* spammer. JUST ******* DIE ***** ** ****.
 
How secure is your password? I find it more likely that, Gmail being web based, the account itself was hacked and not your computer. It is POSSIBLE that your computer is compromised, I would run a slew of stuff to determine this. Check your router logs at the time this occurred, this will tell you what was going on on your machine. If there is in fact outgoing activity on your computer at this time then it's obviously compromised.

However, if the hacker was able to secure your details from malware on your computer then it's just as easy for said hacker to access your email from anywhere.

A good friend of mine just had the same happen to her online email account. It was not on her computer; it was just the account. Password was changed, personal details and security measures changed and all is well. Her password consisted of the combination of two commonly used words. Thus very insecure.

I would secure your email account, use a very difficult password, and then run all manner of cleaners, scanners. I would run from a bootable disc to properly scan and have peace of mind.
 
Maybe I've been lucky, never had an account cracked. On the other hand, the last place I worked ran SATAN against everyone's accounts and I was in the 3% that it couldn't crack. I use several common words and a physical location shift most of the time. Some sites can't handle the results, so I use 4-5 short words.
 
Oh, my password was very hard to crack I think. It was a 15-character-long password with mixed minuscule and majuscule letters and numbers. And the numbers everywhere in the password, not just at the end.

It was something like (but is not) C3rB3ru51sGr3aT53. OK, I didn't have special characters such as @!?%$. But still, I would guess this would take some time with traditional brute-force methods. This is like... 62^15 possible passwords at this length (26 minuscules, 26 capitals, 10 digits). And this is assuming they know my password is 15 characters long. If not and they have to try everything, it's more like (62^15+62^14+62^13+...). So I'll guess they found it by using some malware/keylogger of some sort.

I must say it is surprising this happened to me. I'm usually a clean guy when it comes to software installation, and well... I have an anti-virus (Microsoft Security Essentials, whose reviews are very good and which protects my computer continuously) which didn't find anything and I ran Ad-aware which found some cookies, but I don't think, by looking at them, that this was it.

Now, the bot seemed to send e-mail to everyone in my contact list as previously stated. Alphabetically. So, I told myself: "Heh. I don't need no contact list, if I ever have to write to someone, I can search through my Gmail using the search function for any conversation I had with them before". So I deleted every contact on my list. The whole 170. So I'm hoping that, if it connects again with my new password, it will send spam to nobody because of lack of contacts.

And now, I'm monitoring who connects to my account and from where.

The thing though, is that, if it's some malware I didn't find on my home computer, it could be on the work computer. I guess Macs can be vulnerable too.
 
My big problem is my business' bank account. The cards keep getting compromised, even when they are not being used!

Funny you mention Macs. Back when Apple was still making Apple computers, they were the #1 virus target. I supported 80 Apple IIs for a couple years and not a week went by without one of them becoming infected.
 
This is actually happening a lot on gmail. It's part of the reason Google pulled out of China. There are hackers in China that are hacking gmail accounts.
 
yeah, i try to keep my passwords long and completely random, with numbers and case mixed in.

my wife is horrible. her old 401k account password? our daughter's name. she doesn't even know her new password, lol. i can't risk that.
 
That's an Albanian IP address. That surprises me. The big spammers/virus writers usually come from China and Russia.

At any rate, scan your machine with SuperAntiSpyware and MalwareBytes to try and remove whatever you have on there. If your PW was 15 chars long with upper and lower with numbers, it is highly unlikely it was due to brute-force. That would take ages.
 