Spams sent to Contact list in GMail

A few days ago, I noticed that I have been getting return messages in my GMail account. I opened one of it, and noticed that I was actually sending out spams out to people in my contact list.

Thinking that it might be spoofed, I checked my outgoing folders, and to my surprised I found that I did sent out those emails. From my history of so many ancient years of using the computer, I have never got infected by a virus, or a malware before. I have yet to had any of my accounts hacked. Disbelieved, I surf around wanting for an answer.

I noticed a pattern here. The spam mail that was sent, was sent to everyone in my contact list. It was sent in such a way, that I myself would not have done, if I were to send out spams. I checked around discussion groups, and found out that I wasn’t the only one that had problems. In fact, it was a known issue with GMail where malicious sites could grab your contact list from the JavaScript if you have the malicious sites in the same browser window.

That pretty much explains it. I recalled that a couple of days ago, I was surfing and downloading torrent files of gay porns. There were couple of windows that popped up, but most of them are blocked by my popup blocker that was build-in Opera browser.

The porn that was downloaded was good actually, but that is another story. One lesson to learn is that, even with big corporation as big as Google, insecurity can sometimes happen. No matter how well a code is being coded, a simple line could have cause an issue as big as this.

I guess from now onwards, before I start surfing for porns, I better make sure I do not log in to GMail, or even online banking. Just in case.

, , , ,

4 Responses to Spams sent to Contact list in GMail

  1. Sham June 20, 2008 at 5:14 pm #

    I don’t see how it is possible for any codes to have access to your contact list unless you reveal your password.

    Uhmm as for the good torrent, what is the title? and where can get? 🙂

  2. Cedric Ang June 20, 2008 at 5:31 pm #

    I thought so too at first. Then again, I am using (*&@PITUYT# type of password. Not that easy for the average script kiddie.

    Moreover, I found these.

    http://everything2.com/e2node/GMail%2520contact%2520list%2520security%2520hole

    http://groups.google.com/group/Gmail-Help-Message-Delivery-en/browse_thread/thread/e5c554347f7f3221#

  3. Sham June 20, 2008 at 5:46 pm #

    oh alright, i better be sure how i use gmail then. thanks for the heads up.

    and now, how about the torrent? 😉

  4. Cedric Ang June 21, 2008 at 8:41 am #

    Well Sham, I am not too sure what kinda genre you are into. However, if you read from my blog, you probably can figure it out. Do let me know if you are still interested.