Drug-dealing Spammers Hit Gmail Accounts

Google is investigating a growing number of reports that hackers are breaking into legitimate Gmail accounts and then using them to send spam messages.

The problem started about a week ago but seems to have escalated over the past few days.

"The Gmail team takes security very seriously and is investigating the reports we've seen in our user forums over the past few days," Google said Tuesday in an e-mailed statement. "We encourage users who suspect their accounts have been compromised to immediately change their passwords and to follow the advice at the following page: http://www.google.com/help/security/."

Gmail accounts are often compromised after phishing attempts or via malicious programs, which can seek out and log online credentials from a hacked computer.

It isn't clear what's behind this wave of Gmail compromises. But in forum posts, Gmail users note that the hackers appear to be sending spam via Gmail's mobile interface -- which gives mobile-phone users a way to check their Gmail accounts -- and wonder if there may be a bug in the mobile interface that is allowing criminals to send the spam.

Most of the victims are reporting that their accounts were accessed via the mobile interface when the spam was sent. They are reporting any security problems on their machines. Gmail users can check to see how their accounts were accessed at a given time by clicking on a "Details" button at the bottom of the Gmail page.

Google says there's no Gmail bug. "Our investigation has not given any indication of a bug in Gmail, either in the mobile interface or otherwise," the company said. "Spammers may sometimes use a mobile interface to access accounts they have already compromised because it's simpler for bots to use this method at large scale."

The New York Times reported Monday that Google's centralized login system, code-named Gaia, was compromised by hackers in late December. But this seems unrelated to the Gmail problem because of the different nature of the two incidents -- the December attack was a sophisticated attempt to steal data and intellectual property from Google; the Gmail spam is hardly sophisticated. It's being used to flog Canadian pharmaceutical Web sites that promise to send cheap drugs to U.S. customers.

Antispam vendor CloudMark noticed an uptick in Gmail-based pharmaceutical spam just a few days ago, according to Jamie Tomasello, the company's abuse operations manager. "We really saw this activity pick up on Friday and Saturday," she said via instant message.

Cassandra Robertson walked into a Gmail spam mess on Monday morning. "I noticed I had all these returned messages from people who were vaguely irate that I had sent them something that appeared to be spam," she said.

About 250 of her Gmail contacts received messages that contained a link to a Web site called Canadian Health&Care Mall, which offers Viagra for just $1.85 per pill.

That was embarrassing, said Robertson, a project manager with a Portland, Oregon, engineering firm. "I sent out that e-mail to everybody in my address book, which included people I had sent résumés to when I was job searching," she said.

"A lot of people were very savvy and said 'you've been hacked,' but some said, 'Why are you shilling for Viagra?'"

She has no idea how her account was compromised, but the spam was sent via a mobile connection from Serbia, she said.

Subscribe to the Security Watch Newsletter

Comments