Chinese hackers break into hundreds of Israeli gmail accounts

Looks like several hundreds (or thousands?) gmail accounts have been compromised by Chinese hackers.

Over the last couple of weeks I received some spam emails from people I personally know. When I saw the email, I immediately recognized it as a spam/phishing. Normally I’d quickly delete it and move on, but this time I suspected there’s something fishy (pun intended) going on:

The sender was a valid gmail account
gmail didn’t detect this as spam (this rarely happens on my account)
The recipient list was not random and it looked like it came from the sender’s address book. I even recognized some of the emails
The message was mailed-by and signed-by gmail.com!

Here’s the first email I got:

date Mon, Mar 29, 2010 at 4:08 PM hi i am glad to tell you a good news ,and i find a good website


http://www.buusir.info

On this website ,you can find many new and origianl electronic products .Now they are holding sales promotion activity, all the product are sold at a discount. low cost and good quality ,and the delivery is on time . It is a good chance that you should not lose. If you need some, visit this website . Hope everything goes well. Greetings!

The second email (sent Sat, Apr 10, 2010) was almost identical, but this time the URL pointed to www.buusir888.com.

If this also happened to you, I highly recommended following the instructions described here for securing your compromised gmail account: my contacts are receiving emails from my email account inviting them to website. but its not me who is sending. – Gmail Help

Tip – gmail has a very useful and little-known feature that shows the last activity in your gmail account, including IP address, time and geo-location (country, e.g. China in the above case). Visit gmail and at the bottom of the screen you’ll see something like the following picture: