IDG News Service - Google is investigating a growing number of reports that hackers are breaking into legitimate Gmail accounts and then using them to send spam messages.
The problem started about a week ago but seems to have escalated over the past few days.
"The Gmail team takes security very seriously and is investigating the reports we've seen in our user forums over the past few days," Google said Tuesday in an e-mailed statement. "We encourage users who suspect their accounts have been compromised to immediately change their passwords and to follow the advice at the following page: http://www.google.com/help/security/."
Gmail accounts are often compromised after phishing attempts or via malicious programs, which can seek out and log online credentials from a hacked computer.
It isn't clear what's behind this wave of Gmail compromises. But in forum posts, Gmail users note that the hackers appear to be sending spam via Gmail's mobile interface -- which gives mobile-phone users a way to check their Gmail accounts -- and wonder if there may be a bug in the mobile interface that is allowing criminals to send the spam.
Most of the victims are reporting that their accounts were accessed via the mobile interface when the spam was sent. They are reporting any security problems on their machines. Gmail users can check to see how their accounts were accessed at a given time by clicking on a "Details" button at the bottom of the Gmail page.
Google says there's no Gmail bug. "Our investigation has not given any indication of a bug in Gmail, either in the mobile interface or otherwise," the company said. "Spammers may sometimes use a mobile interface to access accounts they have already compromised because it's simpler for bots to use this method at large scale."
The New York Times reported Monday that Google's centralized login system, code-named Gaia, was compromised by hackers in late December. But this seems unrelated to the Gmail problem because of the different nature of the two incidents -- the December attack was a sophisticated attempt to steal data and intellectual property from Google; the Gmail spam is hardly sophisticated. It's being used to flog Canadian pharmaceutical Web sites that promise to send cheap drugs to U.S. customers.
Antispam vendor CloudMark noticed an uptick in Gmail-based pharmaceutical spam just a few days ago, according to Jamie Tomasello, the company's abuse operations manager. "We really saw this activity pick up on Friday and Saturday," she said via instant message.
Cassandra Robertson walked into a Gmail spam mess on Monday morning. "I noticed I had all these returned messages from people who were vaguely irate that I had sent them something that appeared to be spam," she said.
About 250 of her Gmail contacts received messages that contained a link to a Web site called Canadian Health&Care Mall, which offers Viagra for just $1.85 per pill.
That was embarrassing, said Robertson, a project manager with a Portland, Oregon, engineering firm. "I sent out that e-mail to everybody in my address book, which included people I had sent résumés to when I was job searching," she said.
"A lot of people were very savvy and said 'you've been hacked,' but some said, 'Why are you shilling for Viagra?'"
She has no idea how her account was compromised, but the spam was sent via a mobile connection from Serbia, she said.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts