
How did my gmail account send a virus to all my contacts?
November 11, 2006 10:57 AM

Help! Gmail account hacked by virus sent to every contact in my account.

Last night I came home to a few emails from people saying they had received a spam message from my email address, and attached was possibly a trojan horse virus. Apparently it went to every single contact in my gmail account.

First of all, how could this happen to a web based account? Is it likely it has been hijacked? I know in the past how this has happened in Outlook, etc, but gmail?
Secondly is there anything I can do? Is my gmail account compromised at this point?

I am of course running all kinds of virus software updates on my computer and have sent a message to google, and a message to my contacts, but after searching around the internet I have not seen any similar problems.

The content of the email, sent from a friend was this:
I thought you might want to know what the spam says: (I put spaces and in the email address to make it not a .url)


"I found this software, you can send free msg since your Verizon, Cingular, Sprint, Nokia, Telcel and Movistar, Its valid into USA, CANADA and MEXICO. is better than Skype to make calls around the world. 100 % Legal Software. For more information about !!!http: //www. pcsoftware. unlugar. com/telcel. zip!!!!"


Any advice, for someone feeling very stupid and mortified at the moment would be great.
thank you.
posted by dchunks to Technology (7 answers total)
 
Are the other people sure it was you? Viruses are notorious for forging the sender.

Check yourself, sure, but don't be convinced it is you without good evidence (like the email was sent from your IP).
posted by edd at 11:09 AM on November 11, 2006


Either you got some new virus that hasn't been added to definitions, or someone hacked your gmail account. Did you have a weak password?

My guess would be someone using a hacked machine (probably hacked by that telcel.zip trojan) is doing a dictionary attack on known google addresses.

Try changing your google password, and possibly re-install windows if you're really paranoid.
posted by delmoi at 11:11 AM on November 11, 2006


Check yourself, sure, but don't be convinced it is you without good evidence (like the email was sent from your IP).

Actually you would want to check that it was sent from google's IP. But whoever sent it had access to his contact list.
posted by delmoi at 11:11 AM on November 11, 2006


It's very possible that a friend who has similar contacts to you has an infected computer, and that the virus on his machine selected your e-mail address to forge as its sender, and then sent itself out to everyone else in your friend's address book.

I'd look in your spam or sent mail directory to see if you can find an e-mail from "yourself" containing the spam text. If you do, look at the headers, and use a service like whois.sc to find out who "owns" the IP you're writing from. If it looks like a service that one of your friends uses, you may learn which friend is infected.

This is precisely what happened to me. However, I knew more quickly that I hadn't spread the virus, given that I own a Mac and we were speaking of Windows virii. (Not that it's impossible for a Mac to spread Windows virii — but in this particular situation and with my particular mail client, it was.)
posted by WCityMike at 11:20 AM on November 11, 2006
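
The header check suggested in the answers above (find the IP that actually delivered the message, then see whether it belongs to the mail provider the From: address claims), as an added example that is not part of the thread. The networks, hostnames, sample message and function names are all constructed for illustration.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed networks (RFC 5737 documentation ranges), not real allocations.
TRUSTED = [ipaddress.ip_network("198.51.100.0/24")]  # recipient's own mail servers
PROVIDER = [ipaddress.ip_network("192.0.2.0/24")]    # stand-in for the webmail provider's relays
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def sample(relay_ip):
    """Constructed message whose From: claims a webmail address."""
    return (
        "Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])\n"
        "\tby mail.recipient.example with ESMTP; Sat, 11 Nov 2006 09:14:02 -0800\n"
        f"Received: from relay.example (relay.example [{relay_ip}])\n"
        "\tby mx.recipient.example with SMTP; Sat, 11 Nov 2006 09:14:01 -0800\n"
        # Oldest line: supplied by the sending side, so it proves nothing.
        "Received: from webmail.example ([192.0.2.99]) by relay.example;\n"
        "\tSat, 11 Nov 2006 09:13:00 -0800\n"
        'From: "A Friend" <someone@webmail.example>\n'
        "To: you@recipient.example\n"
        "Subject: free msg software\n\n"
        "I found this software...\n"
    )

def handoff_ip(raw, trusted_nets):
    """IP that handed the message to the recipient's mail system, or None.
    Received lines are read newest first; the walk stops at the first peer
    outside the trusted networks, since anything older can be forged."""
    for hdr in email.message_from_string(raw).get_all("Received", []):
        m = IP_RE.search(hdr)
        try:
            ip = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:
            ip = None
        if ip is None:
            return None  # chain cannot be followed any further
        if not any(ip in net for net in trusted_nets):
            return ip
    return None

def assess(raw, trusted_nets=TRUSTED, provider_nets=PROVIDER):
    """Return (From address, hand-off IP, whether that IP is the provider's)."""
    sender = parseaddr(email.message_from_string(raw).get("From", ""))[1]
    ip = handoff_ip(raw, trusted_nets)
    return sender, ip, ip is not None and any(ip in n for n in provider_nets)
```

A hand-off IP outside the provider's range, paired with a From: address at that provider, points to a forged sender rather than a compromised account.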


Usually when you have a problem like this where you're the first person this has happened to, the likelihood is that what you think happened is not actually what happened. The troubleshooting steps for this are pretty straightforward in order to eliminate other, more plausible options.

1. Do you have another email account, perhaps using outlook or something more vulnerable that has approximately the same contacts list?
2. How certain are you that this message was sent to your contacts list and not, perhaps, the contact list of another person who you have a lot of mutual acquaintances with?
3. Did you have an easy to guess/hack password? [as delmoi asks]
4. Do you use another program to read/send email from your gmail address?
5. Do you use gmail for domain email or do you just have a blahlbhalbhlah@gmail.com address?
6. As others have said, are you sure the email address was sent from your account and not just from some guessable gmail account? [see if people can check the headers on your messages to see]

It never hurts to change your password and check the other programs that you may or may not use to log in to your email (do you use any other apps that may interact with gmail?) and add yourself to your own address book so that you can be the recipient of other messages that might be sent out using whatever this method is.
posted by jessamyn at 11:22 AM on November 11, 2006


Your account didn't get hacked, you got Joe Job'd

Viruses exist that when infected send out email containing viruses to every other contact on someone's email program but also change the from: address to random people found in messages, so that it can't be traced back.

There's nothing you can do, just inform the people you didn't send it and it's just a virus that grabbed your email randomly.
posted by mathowie at 11:27 AM on November 11, 2006


Definitely sounds like a Joe Job. Check to see where the messages were sent from.
posted by antifuse at 5:24 AM on November 12, 2006

