IDG News Service - Google is investigating a growing number of reports that hackers are breaking into legitimate Gmail accounts and then using them to send spam messages.
The problem started about a week ago but seems to have escalated over the past few days.
"The Gmail team takes security very seriously and is investigating the reports we've seen in our user forums over the past few days," Google said Tuesday in an e-mailed statement. "We encourage users who suspect their accounts have been compromised to immediately change their passwords and to follow the advice at the following page: http://www.google.com/help/security/."
Gmail accounts are often compromised after phishing attempts or via malicious programs, which can seek out and log online credentials from a hacked computer.
It isn't clear what's behind this wave of Gmail compromises. But in forum posts, Gmail users note that the hackers appear to be sending spam via Gmail's mobile interface -- which gives mobile-phone users a way to check their Gmail accounts -- and wonder if there may be a bug in the mobile interface that is allowing criminals to send the spam.
Most of the victims are reporting that their accounts were accessed via the mobile interface when the spam was sent. They are reporting any security problems on their machines. Gmail users can check to see how their accounts were accessed at a given time by clicking on a "Details" button at the bottom of the Gmail page.
Google says there's no Gmail bug. "Our investigation has not given any indication of a bug in Gmail, either in the mobile interface or otherwise," the company said. "Spammers may sometimes use a mobile interface to access accounts they have already compromised because it's simpler for bots to use this method at large scale."
The New York Times reported Monday that Google's centralized login system, code-named Gaia, was compromised by hackers in late December. But this seems unrelated to the Gmail problem because of the different nature of the two incidents -- the December attack was a sophisticated attempt to steal data and intellectual property from Google; the Gmail spam is hardly sophisticated. It's being used to flog Canadian pharmaceutical Web sites that promise to send cheap drugs to U.S. customers.
Antispam vendor CloudMark noticed an uptick in Gmail-based pharmaceutical spam just a few days ago, according to Jamie Tomasello, the company's abuse operations manager. "We really saw this activity pick up on Friday and Saturday," she said via instant message.
Cassandra Robertson walked into a Gmail spam mess on Monday morning. "I noticed I had all these returned messages from people who were vaguely irate that I had sent them something that appeared to be spam," she said.
About 250 of her Gmail contacts received messages that contained a link to a Web site called Canadian Health&Care Mall, which offers Viagra for just $1.85 per pill.
That was embarrassing, said Robertson, a project manager with a Portland, Oregon, engineering firm. "I sent out that e-mail to everybody in my address book, which included people I had sent résumés to when I was job searching," she said.
"A lot of people were very savvy and said 'you've been hacked,' but some said, 'Why are you shilling for Viagra?'"
She has no idea how her account was compromised, but the spam was sent via a mobile connection from Serbia, she said.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Alert Logic for PCI DSS Compliance To achieve PCI DSS compliance, you must identify and remediate all critical vulnerabilities detected during PCI scans. Threat Manager streamlines this process by...
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts