I Was Hacked… Or Wormed?

So we all hear about hackers and viruses and worms that do all kinds of crazy things with our computers, websites and email accounts… but that only happens to other people, right?

Well, this weekend it happened to me.

Saturday morning I woke up to discover that someone or something had sent out a spam email through my Gmail account, to 100 people in my address book ranging from S to Z.

Since my Gmail is set to default to my LWL Worldwide email address, everybody got an email from me on my professional business address.

Yeah, real professional!

So after doing my best to do damage control with the poor people who received the obnoxious spam, I set out trying to find out who — or what — exactly caused it to happen, and how to prevent it from happening again…

My first thought was that a hacker had done it through the LWL server, since I was alerted to the fact that it had happened by a bunch of emails saying “Undelivered”, “Verification Required”, or “Your support ticket has been received” that all came back with an LWL label (one of the things I love about Gmail is the ability to have all my email addresses come into one account, and have them automatically tagged with various colored labels).

Uhh… yeah, because they started with my contacts that begin with S, there were a whole pile that went to “support@” or “sales@” various sites. So those ones went into various ticketing systems, for the most part.

Then there were a couple of emails from people thinking I had seriously sent out the spam, and one of them was explaining to me how I shouldn’t have put all the addresses in the “To” field because everyone could read them.

Well, duh! I would never do that, if I had any control of what had been sent out!

I tried replying to a few to explain what had happened, and discovered that Gmail had shut me down. Every time I hit “Send” I got this message:

Error!
You have reached a limit for sending mail. Learn more.

“Learn more” was a link, but I didn’t click it yet. I was bound and determined to find out what happened, stop it if it was in progress, alert the recipients if at all possible, and try to prevent it from happening again.

I was also curious to see exactly what the spam had been (the subject line was “Interesting online program”, so I was panicking that people had thought I really sent it and was endorsing something) so I looked in my “Sent” folder and found the email there… along with all the addresses it had been sent to.

Awesome! My chance to do damage control!

I copied all the addresses from the “To” field and went into a second Gmail account I have, and sent out an apology and an explanation to everyone — also a request to NOT click on the link, since it may be a virus or a worm.

Then several people replied, saying they had figured something was up with the first one, and some of them asking me to let them know what happened if I found out.

Again, I tried replying to them… but found that, for the second time, I had reached my send limit.

Now I checked that link, and found out that:

Sending limits

In an effort to fight spam and prevent abuse, Google will temporarily disable your account if you send a message to more than 500 recipients or if you send a large number of undeliverable messages.

OK, well only 100 went out both times… so it must have been because of all the bounce-backs (I figure less than 50 went to real people, so I’m grateful that Google did shut my account down after only 100 instead of 500… it stopped more spams from going out, and 24 hours later I was back up and running myself).

Of course, the first thing I had done after seeing that the emails were sent from my Gmail account had been to change my password. And while looking through my settings, I also noticed that my default signature had been changed to include an ad for the spam link, too.

Now THAT was really creepy! If I had sent out any emails (if I had been able to send out any emails) without checking that, then I would have been spamming people again with a bogus link!

In case you’re curious, this is what the spam had said:

Hi

This program is probably the fastest and the easiest way to create
an income stream that can gradually replace your current job or career!

Get $349,859.00 For A One-Time Fee Of $29.99!
No Advertising And No Recruiting Required!
Guaranteed Money Within 5 Days!
Huge Sponsor Bonus 9 Levels Deep!
No Waiting All Payments Are Made When Due!
$455.34 In Products With Resale Rights!

(And the link was for a site I’m not going to promote, but something to do with “money”).

So this whole time, up until just a few moments before I sent my “damage control” email to the recipients, I had been assuming that an actual person had hacked into my account, changed my signature, and sent the spam out.

In the meantime, though, Barry had done some research that pointed to a worm actually being responsible for it. There was a thread on the Google Groups Help Forum that was eerily similar to what I had experienced… where a guy was saying that first his friend, and then he, had had spams sent to their contacts through their Gmail accounts:

Fraser G: A week or two ago my friend sent a mass e-mail to his address book, but it was not done by him. We aren’t sure if someone hacked the account or somehow exploited the Gmail system in order to acquire his address book but after this happened I figured it is a good idea to change my password. Today I just received numerous bounce back messages with a spam message in a similar style — e-mailing everyone in my address book. I only log in to Gmail from the browser as well as IMAP on my iPhone. I don’t know where the mail was being sent from, as my sent items does not have the e-mail which spammed everyone. I have changed my password again but am concerned this may continue, or happen with other people I know who have Gmail.

Virden: No hacking was involved, no stealing of passwords, no exploiting GMail, no real person involved. It was all local and done by a small program. You and your friend did not keep your security programs up to date or were not using them to screen incoming e-mail. Consequently your computers picked up a worm from an e-mail message, a kind of self-propagating virus. You probably got it from your friend. It has automatically sent fake messages which contain a hidden copy of itself to all the addresses in your address books directly from your computers by faking your e-mail addresses. It’s called spoofing. Whenever your computer is turned on and is connected to the Internet, the worm is busy sending spoofed e-mail and you can’t see it. You know that such messages were sent because you are getting all those bounce reports. No copies of the spoofed messages are in your Sent folder.

If there was a Google Group’s e-mail address in either book, it spoofed your subscription e-mail address and sent fake messages to the group. If the Group was moderated, the moderator probably stopped the messages in the queue because the content was nonsense. If it is an unmoderated group, it was probably caught in outgoing mail by Google Groups mail filters. So far as Groups are concerned, the damage was probably minimal.

Changing your GMail password had no effect. Update your anti-virus software and then use it to do a complete clean out of your hard drive. Once in, some worms can remain persistent and hard to get out. If your anti-virus software reports anything it can detect but not delete, report that information to the provider of your anti-virus software and request assistance. From now on, use your anti-virus software to screen every incoming e-mail you get, to avoid your computer getting re-infected.

After reading this, I was leaning towards it being a worm, not a person, who had done the deed. The only piece of the puzzle missing was… I DID have the email that had been sent in my “Sent” folder. So it wasn’t this invisible “spoofing”, and it certainly looked like an actual person had been in there.
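The difference between a spoofed message and one really sent from the account can also be read from a copy that a recipient received, as in this added example (not part of the original post or the forum thread). It assumes the recipient's mail server stamps an `Authentication-Results` header and that the sender's domain signs its mail with DKIM; the domains, server names and sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def trusted_results(msg, trusted_authserv):
    """Read spf/dkim verdicts only from headers stamped by our own receiving server."""
    verdicts, signer = {}, None
    for header in msg.get_all("Authentication-Results", []):
        authserv = header.split(";", 1)[0].strip().lower()
        if authserv != trusted_authserv:
            continue  # anyone can prepend a header that claims dkim=pass
        for method, result in re.findall(r"\b(spf|dkim)=(\w+)", header):
            verdicts.setdefault(method, result.lower())
        m = re.search(r"header\.d=([\w.-]+)", header)
        if m and signer is None:
            signer = m.group(1).lower()
    return verdicts, signer

def classify(raw, trusted_authserv):
    """'sent-from-account': signed by the From domain, so the account itself was used
    (check Sent folder, signature, password). 'spoofed': forged From address, which a
    password change does not affect. 'unknown': no verdict from a trusted server."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    verdicts, signer = trusted_results(msg, trusted_authserv)
    if not verdicts:
        return "unknown"
    if verdicts.get("dkim") == "pass" and signer == from_domain:
        return "sent-from-account"
    return "spoofed"

# Constructed sample: really sent through the sender's mail account.
SENT_FROM_ACCOUNT = (
    "Authentication-Results: mx.recipient.example;\n"
    " dkim=pass header.d=business.example;\n"
    " spf=pass smtp.mailfrom=heather@business.example\n"
    "From: Heather <heather@business.example>\n"
    "Subject: Interesting online program\n\nbody\n"
)
# Constructed sample: forged From, plus a fake header claiming dkim=pass.
SPOOFED = (
    "Authentication-Results: mx.forged.example; dkim=pass header.d=business.example\n"
    "Authentication-Results: mx.recipient.example;\n"
    " spf=fail smtp.mailfrom=heather@business.example; dkim=none\n"
    "From: Heather <heather@business.example>\n"
    "Subject: Interesting online program\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("account", SENT_FROM_ACCOUNT), ("spoofed", SPOOFED)):
        print(name, "->", classify(raw, "mx.recipient.example"))
```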

My only other experience with a hacker ever happened a couple of months ago, when someone hacked into my Skype account, changed my login info, and drained my associated PayPal account by charging and using as many Skype credits as it would let him have (that account only had about $120 in it, but it was all taken, and Skype refused to reimburse it even though they originally said that I would not be liable for it).

So since that was a real person, I had figured this was a real person… but now I wasn’t so sure.

So while I sparked up my laptop to send the damage control emails, I ran every spyware and anti-virus program I have, and then some, on my desktop computer, which is the one I use most often and the one I discovered the fiasco on.

First I ran Ad-Aware, then Windows Defender, then BitDefender (this one runs every night at 4 a.m., but I had stupidly clicked on the link in the spam to see what it was, and I didn’t like what I saw or that it seemed to be installing something on my computer… so I ran it again), then Spyware Doctor (which Barry downloaded for me through Google Updater), then I went to PCPitstop.com to run a full system scan.

One of my associates who replied to my damage control email also recommended Avast, which I have since run as well… he says it’s better than Norton at getting worms and Trojans, and it runs in the background in real time, which is great.

But the weird thing is, every single scan told me either that my computer was fine and virus-free, or else it found “Low” threats like tracking cookies (yes, I deleted them all anyhow).

Hmm… so was it a super-worm or Trojan that none of the programs found… even the highly recommended Avast?

Or was it a person after all?

All I can tell you is that it didn’t happen again today, and I figured if it was a worm or something that I didn’t get, it would have kept going after Google removed my mailing restriction.

If it was a person who wanted to try again, they’d have to figure out my new password.

Or would they?

During the course of my research into what had happened, I found a rather unsettling article about a hacker who was able to get into numerous Gmail accounts live, in front of an audience of journalists. He didn’t need the passwords or user names; just certain cookies and IP addresses.

Then again, it was done over an unsecured WiFi connection, and ours is secured… but still, it gave me pause for thought.

How safe are we online?

I also found several references to a site that’s able to see all your Gmail contacts just by visiting while logged into Gmail (and I tend to be logged into Gmail a lot as I work).

And then I got an email back from one of my “spam victims”, the assistant of a prominent personal development expert and life coach that we know. And she said this:

Hi Heather,

There is nothing you can do… and it may not be the last time it happens to you either. It happens to all of us at some time. At the moment some virus is sending out porn links using my own private email address — of course I am mortified and there is nothing I can do about it… there is nothing our ISPs can do about it either… unless the entire world uses strong AntiVirus programs that can stay up to date and stop the very first virus before it starts off, there is nothing any of us can do… it happens with (name withheld’s) addresses too — I’ve seen some horrible things going out supposedly from her but it is just virus activity, grabbing her email address from someone’s contact book who does not have sufficient anti-virus software protection on their computer!

Have a great week anyway!

And yet, for me, someone (or something) was actually in my email account.

So again… how safe are we?

And what can we do about it?

Well, at this point, all I can say is that, like with anything in life, we can’t be victims.

We can’t let external circumstances control us. We need to control them.

We can’t let possibilities stop us from moving forward… but we can certainly seek answers.

In other words, I’m not suggesting fear (or the creepy feeling of having been invaded) prevent us from doing our business, or running our lives, using the power of the internet. But we should not feel bad about protecting ourselves using regular anti-virus programs, secure connections, and other tools to make the experience the way it was meant to be… without becoming paranoid or reaching paralysis by analysis (which is why I’ve decided to stop the intense investigation here, and let readers add any input they have).

If you have anything to add to this issue, please let me know by leaving a comment below. Empowerment is in coming together to solve problems!

Keep Unwrapping The Mysteries of Life!

Heather Vale

8 comments to “I Was Hacked… Or Wormed?”
  1. Hello Heather
    I think someone is giving you the business. I was on your forum awhile ago and about halfway down the page it all turned to porno pictures.

    I went on to other subjects and I can’t remember which subject I was on when I saw it. I was assuming you probably do a cleanup on a regular basis. I was not offended but others could be.
    Ross

  2. Hi Ross,

    The forums are a little trickier, because they’re so vast at this point that it would take too much time to constantly be manually checking for spam posts.

    But feel free to let us know if you see any so we can delete them… just go to http://lwlworldwide.com/support

    At least people likely won’t get the idea that WE posted the porn in the forum; whereas when an email goes out from your account, it certainly does give the impression that the person it says it’s from is the one that sent it.

    cheers
    Heather

  3. Hi Heather,

    The very same thing happened to me today.

    Unfortunately it hit my business account. Needless to say that I’m devastated.

    Have you found out more about the nature of the whole thing in the meantime? Was it a worm or a person?

    Eddie

  4. Hi Eddie,

    Yes, I know how you feel — it was my business account too, which of course looks really bad!

    I’m thinking it was a person because:

    1) after I changed my password, it didn’t happen again, and
    2) I ran numerous virus/worm/trojan removal programs, and they all came up blank.

    Another weird thing happened that I only noticed yesterday (because I rarely look at the page in question anymore), but on my Success Unwrapped podcast page somebody changed ONE picture of ONE guest (out of over 60) to a picture of a guitar player in a cowboy hat.

    I’m figuring if somebody actually logged in, why would they bother doing just that? So in that instance I’m suspecting some kind of bot through the online program.

    cheers
    Heather

  5. Yes, I also think that it was a person because they not only deleted the sent messages (found them in the trash bin) but also a few others that came as a reaction to the spam-mail.

    This raises the question: how did they get in?

    I had a super easy pass that’s true, but is it so easy to hack?

    Anyway, I hope it doesn’t happen again, for most of my contacts I’m a spammer now :(.

    Eddie

  6. Hey Eddie,

    Try sending a damage control email to everyone it was sent to… you can see their addresses on the email in the trash bin, and you can apologize, and explain that someone hacked into your account but you’ve now changed the password, and at least some of them (the important ones) will understand.

    I think hackers have tools that we can’t even guess at… it’s not just them randomly trying easy passwords, or knowing if we have one we use a lot — they can do it by analyzing keystrokes sometimes, and I’m sure there are a ton more ways they get access that it’s really hard to anticipate and prevent.

    Changing the password should work for awhile, anyhow — maybe it’s good to regularly change it up?

    cheers
    Heather

  7. Hi Heather,

    Thank you for the kind words, it’s good to talk to someone who had the same problem.

    I’ve been doing some extensive research the past two days and read some very strange and scary things.

    I don’t know if I can use my email address in the future, most likely not. What remains is some fear and distrust.

    I also don’t know if I’ll stay with Gmail, maybe I’ll switch to the allegedly more secure Google Apps.

    Or I’ll abandon it completely… like so many others throughout the net.

    Thanks,
    Eddie

  8. Here’s an update that was supplied by “BlueSquares” at the Warrior Forum…

    From Slashdot:

    “A tool that automatically steals IDs of non-encrypted sessions and breaks into Google Mail accounts has been presented at the Defcon hackers’ conference in Las Vegas. Last week, Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, not just authentication. Users who did not turn it on now have a serious reason to do so, as Mike Perry, the reverse engineer from San Francisco who developed the hacking tool, is planning to release it in two weeks.”

    The solution is to set Permanent SSL in Gmail

    1. Sign in to Gmail.
    2. Click Settings at the top of any Gmail page.
    3. Set ‘Browser Connection’ to ‘Always use https.’
    4. Click Save Changes.
    5. Reload Gmail.
