Earlier this week someone borrowed my gmail address and sent a spam email to all my gmail contacts at around 5 in the morning. It made me pretty upset, I can tell you, not to mention embarrassed. Bad enough that someone 'broke in' while I was sleeping, as it were, worse to spam my contacts. Hrrmph.
The first I knew of it was when a friend tweeted to tell me they'd just had a spam email from me. I had to go to work that morning, so I had just enough time to send a follow-up email explaining the situation to my contacts and shut down and disconnect my computers before heading out the door. It wasn't until hours later that I could start dealing with it.
The question was, where to start? This sort of thing, as I said in my email, is outside my skillset. I had virus and spyware checkers running on both machines, with automatic updates enabled - the same thing I've used without incident for 18 months. I log into gmail here there and everywhere - that's the point of webmail - but always log out (at least I think I do, maybe I didn't once or twice and remained logged in on foreign computers).
On the upside, I got almost 100 emails that day and in the following few days. Some from friends commiserating, some from friends I hadn't heard from for aeons, one from someone I don't know and who doesn't know me but who was kind enough to offer commiseration anyway, a few perplexed responses from various support services, and several from people who'd had a similar experience. Judging by the number of disgruntled entries in Google groups about the subject, so have thousands of others.
One, who works on ships, wrote politely but firmly asking me to remove the ships' email addresses from my contacts because one ship's computers had crashed. A potential disaster.
A good number of people emailed me with advice. To you all, my sincere thanks. On the strength of advice received, and without being able to pinpoint the actual problem, I did much of what was suggested:
Changed my password on another known-to-be-safe computer
Restored my systems to a restore point before the attack
Ran full scans on both machines (nothing found)
Checked the virus checker updates were up to date (they were)
Checked the firewalls were on (one wasn't, gulp, don't ask me why or how - maybe when I was faffing around setting up my new desktop in the past week or so but I certainly didn't consciously turn it off.)
Downloaded and ran a registry cleaner on both machines (lots of issues found) and set it to run overnight from now on
Changed a few more passwords from other computers, just to be safe
So what's the moral of the story? Ach, I don't know. Maybe that computers are too complicated for ordinary mortals. I'm an average Jo trying to establish a small business. I work long hours and have to do most things myself.
I take time to read up on a lot of things I buy/use, but when it comes to computer security, the reading doesn't necessarily help. I can look at comparison websites till I'm blue in the face but if I don't understand what I'm comparing it's of little use. I don't know what the registry does, I don't know how viruses and malware work, I don't know which virus and spyware checkers work best or whether I need more than one.
In a similar vein, the advice I got from friends was contradictory. And as much as I'd like to hire someone to come in and give me some IT advice, I wouldn't know what kind of service to look for, or whether one outfit was better than another. Maybe I'll find a spare week some time to read up on that, maybe I won't.
What I do know is that there wouldn't be a problem if it weren't for the toejams who write the viruses in the first place.
In the end, though, I think I made a mistake one day and plowed on without realising it. So, sincere apologies for being a weak link in the chain. And, again, thanks for your help.
For the record, the details are below if you fancy figuring out what happened and how.
_________________________________________________________________
The email went to all my gmail contacts (not that I'd added most of them as contacts, they are just people I've had email contact with through that address over the past few years).
It was sent at 21 May 2008 5:11:57 AM.
The sender was: my gmail address.
I can't see it in my gmail Sent folder.
Only one was sent and I've had no trouble since (fingers crossed).
None were sent from my domain email account (which I run in Outlook)
No problems with any other website accounts (passwords now changed)
My virus/spyware checker (Windows Live One Care) ran at 11pm the night before
Both computers were in sleep mode, wifi button was ''on''
The email text was:
Dear Madam/sir,
We are a wholesaler which deal with all kinds of such electronic products as motorcycles, TV, Notebooks, Phones, Psp, Projectors, GPS, DVD, DV, DC, MP3/4, musical instruments, toys, watches and so on. We can offer quality goods with reasonable price. We deliver our items by EMS to our customers around the world,
When you have time, welcome to visit our website and contact us. Thanks.
If you have any question, please don't hesitate to let us know. We will glad to help you.
Welcome to our website and enjoy your purchasing.
Our website: <www.eshow123.com>
Mail:<show123on@hotmail.com>
Mail:<show123on@yahoo.cn>
MSN: <show123on@hotmail.com>
I hope to hear from you soon.