Unfortunately my GMail account martin [dot] mcdowell got somehow hacked today and someone (or something) in China sent a spam message to all my 119 e-mail contacts in my address book at 15.35 this afternoon. The IP address the hack originated from was 126.96.36.199 and is assigned to the Chinese ISP CNC Group CHINA169.
It looks like there was a Google-wide attack as their systems crashed. There are several reports of hacked accounts on Google forums. The message was just a spam and did not contain any viruses or worms in itself.
Subject: How are you doing,my dear friend?
How are you doing,my dear friend?
I am really happy now because i got my new iphone.haha…
I really want an iphone,you know that,right?
And i just found a cool place to buy it with a cheaper price.
Hope you can have a look.
Have a nice day and best regards!
For what its worth I have reported the matter to the police and I have also got in touch with the attacker’s internet service provider China 169. Unfortunately I have no suggestions, other than change your password regularly, on how anybody else should avoid this specific attack as I am convinced that both my computers are clean, one of them is even a GNU/Linux machine! I take security quite seriously but I do apologize to anyone who received this spam from my e-mail account.
Here is what I saw when I tried to access Google calendar about the time of the attack:
Update 24 November 2010
The one thing that angered me was that Google has a unusual activity detection system and even though I was on GMail at the time of the attack I saw no warnings. In fact the only warning I received as about 7h later at about 10pm. The original access table said the Chinese access came from a browser, now it says its ‘Unknown’.