Spams sent to Contact list in GMail

A few days ago, I noticed that I have been get­ting return mes­sages in my GMail account. I opened one of it, and noticed that I was actu­al­ly send­ing out spams out to peo­ple in my con­tact list.

Think­ing that it might be spoofed, I checked my out­go­ing fold­ers, and to my sur­prised I found that I did sent out those emails. From my his­to­ry of so many ancient years of using the com­put­er, I have nev­er got infect­ed by a virus, or a mal­ware before. I have yet to had any of my accounts hacked. Dis­be­lieved, I surf around want­i­ng for an answer.

I noticed a pat­tern here. The spam mail that was sent, was sent to every­one in my con­tact list. It was sent in such a way, that I myself would not have done, if I were to send out spams. I checked around dis­cus­sion groups, and found out that I wasn’t the only one that had prob­lems. In fact, it was a known issue with GMail where mali­cious sites could grab your con­tact list from the JavaScript if you have the mali­cious sites in the same brows­er win­dow.

That pret­ty much explains it. I recalled that a cou­ple of days ago, I was surf­ing and down­load­ing tor­rent files of gay porns. There were cou­ple of win­dows that popped up, but most of them are blocked by my pop­up block­er that was build-in Opera brows­er.

The porn that was down­loaded was good actu­al­ly, but that is anoth­er sto­ry. One les­son to learn is that, even with big cor­po­ra­tion as big as Google, inse­cu­ri­ty can some­times hap­pen. No mat­ter how well a code is being cod­ed, a sim­ple line could have cause an issue as big as this.

I guess from now onwards, before I start surf­ing for porns, I bet­ter make sure I do not log in to GMail, or even online bank­ing. Just in case.

, , , ,

4 Responses to Spams sent to Contact list in GMail

  1. Sham June 20, 2008 at 5:14 pm #

    I don’t see how it is pos­si­ble for any codes to have access to your con­tact list unless you reveal your pass­word.

    Uhmm as for the good tor­rent, what is the title? and where can get? 🙂

  2. Cedric Ang June 20, 2008 at 5:31 pm #

    I thought so too at first. Then again, I am using (*&@PITUYT# type of pass­word. Not that easy for the aver­age script kid­die.

    More­over, I found these.

    http://everything2.com/e2node/GMail%2520contact%2520list%2520security%2520hole

    http://groups.google.com/group/Gmail-Help-Message-Delivery-en/browse_thread/thread/e5c554347f7f3221#

  3. Sham June 20, 2008 at 5:46 pm #

    oh alright, i bet­ter be sure how i use gmail then. thanks for the heads up.

    and now, how about the tor­rent? 😉

  4. Cedric Ang June 21, 2008 at 8:41 am #

    Well Sham, I am not too sure what kin­da genre you are into. How­ev­er, if you read from my blog, you prob­a­bly can fig­ure it out. Do let me know if you are still inter­est­ed.