E-mail mystery: malware or human hacking?

Discussion in 'Software' started by JunkMale, Feb 12, 2008.

  1. JunkMale

    JunkMale Private E-2

    I use my ISP e-mail account for e-mailing friends and family. I keep a gmail account for e-mailing people who I want to keep at arm's length, and I don't "migrate" my contacts between the two accounts. They remain either on one account or the other.

    In my gmail in-box, I received a "bounce back" from a message from my account that didn't go through. I did not create the message. The message was addressed to a long-time friend (let's call him "Graham Tomlinson") from my ISP account, using his first and last name (with the first name misspelled) and "@charter.net" for the address.

    The bounced message address also contained my friend's correct middle initial, which is not kept anywhere in my computer. So it was addressed to the equivalent of "grhaaam.q.tomlinson@charter.net". The return address was my gmail address. I also found the corresponding sent message in my gmail out-box.

    Graham and I have been great friends since high school -- well over 20 years. He has never had any account with Charter, either work or home. I am 99.999% certain that Graham had nothing to do with this message. His e-mail address is "graham.tomlinson@hisISP.com".

    The body of the message was a brief, vague, and inaccurate comment on our local weather.

    Here's what I want to know:

    1) Did a human hack either my PC or my gmail account, or it this just automated, mindless malware?

    2) Should I be concerned, or was this probably a one-time incident?

    3) What was the point of the message? It contained no attached files, no links, no advertising.

    4) If malware, how did it misspell his first name so badly?

    5) How did they (or it) get Graham's correct middle initial? He has never used it in his e-mail address or username. There are at least 20 people in the USA with the same first and last names.

    6) Why send the message to an ISP that he never used?

    Notes:

    A google search using a distinctive phrase in the body of the message gave no matching results.

    This happened about 4 months ago; I have seen no other suspicious e-mails since.

    I have never written down the gmail account password -- memorized only. It is not the same as my ISP e-mail password.

    No malware has ever shown up in any scans.

    I have never mentioned my gmail account to Graham.


    Platform: Dell Inspiron 9100, XP (SP2), Firefox w/ NoScript and AdBlockPlus, Spybot SD, AVG A-V, Zone Alarm. I keep the permissions (for scripts, security, etc.) screwed down tightly. Unnecessary Windows "services" are locked out.

    Thanks in advance for your help.
     
  2. Corporal Punishment

    Corporal Punishment Head of Software Shenanigans Staff Member

    This is probably not malware. I surmise this mainly because 1) it is a single incident and 2) GMail is a web based program that would require some sort of access to type. (assuming you're not popping your GMail)

    Normally I wouldn't be concerned with something like this though until you said it was in your GMail sent items. That pretty much eliminates 99% of the generic problems and indicates that someone had access to either that machine or account.

    The misspelling and the proper use of the middle initial raises the probability that this is someone you know and was in a hurry at the time.

    Is it possible someone who has access to your machine may have found something like this funny?
    That is the logical choice. Simply leaving GMail will not log you out. The cookie can hang around for a while; just hit the back button and there you go.

    To be safe you should use a decent trojan scanner and change your password.
    (try this one: http://majorgeeks.com/Trojan_Remover_d903.html)
     
  3. JunkMale

    JunkMale Private E-2

    Thanks much for your help. See my responses below.

    Corporal Punishment wrote:
    > This is probably not malware. I surmise this mainly because 1) it is a single incident and 2) GMail is a web based program that would require some sort of access to type.

    That makes sense.

    > (assuming you're not popping your GMail)

    Correct.


    > Normally I wouldn't be concerned with something like this though until you said it was in your GMail sent items. That pretty much eliminates 99% of the generic problems and indicates that someone had access to either that machine or account.


    Good point. I think it has to be a gmail account hack. It's pretty safe to rule out the machine -- it's at my house, which is guarded by a dog. I never take the PC anywhere, and no one else has access to it.

    > The misspelling and the proper use of the middle initial raises the probability that this is someone you know and was in a hurry at the time.

    A very good observation. I'm still very confused as to their motive.

    > Is it possible someone who has access to your machine may have found something like this funny?

    I do, now, have one suspect who enjoys playing mind games and jerking people around (one of my other friends calls her a "sh*t-stirrer"), and who might have done this for her own amusement. She is only moderately computer-literate, but she could have paid someone else to hack the gmail account and give her the password. Even before this happened, I thought she was mentally unstable. She has never been in my house.

    The timestamp indicates the message was sent while I was home (around 5:30 a.m.), so I think the odds of the message being created on my machine are astronomically slim.

    > That is the logical choice. Simply leaving GMail will not log you out. The cookie can hang around for a while; just hit the back button and there you go.

    I always logout of gmail when I'm done, then I close/restart Firefox immediately afterwards. I have FF configured to erase all cookies and cache when it closes. I also run CCleaner at the end of every Windows session, and I then turn the PC off until the next time I use it.

    > To be safe you should use a decent trojan scanner and change your password.
    > (try this one: http://majorgeeks.com/Trojan_Remover_d903.html)


    Thanks. I changed the password to an even longer one, even though Gmail had rated my previous password as "strong". The trojan scan showed nothing, unfortunately.

    Again, thanks for your help. Much appreciated. I'll check back again in a few days to see if there are any further suggestions.
     
  4. PEBKAC

    PEBKAC Private First Class

    Something to keep in mind: Spammers can easily spoof (forge) a sender's email address and can also easily harvest addresses from chain letters. Could it be possible that a spammer harvested addresses from an email of which you were both recipients and then began sending spam with your gmail account forged as the sender? In such a scenario, any failed delivery attempts will result in the destination mail server sending an "undeliverable" notification back to the forged address.
     
  5. JunkMale

    JunkMale Private E-2

    PEBKAC wrote:
    > Something to keep in mind: Spammers can easily spoof (forge) a sender's email address and can also easily harvest addresses from chain letters. Could it be possible that a spammer harvested addresses from an email of which you were both recipients and then began sending spam with your gmail account forged as the sender?

    Thanks for your help on this. (And "Hail, Elbonia!")

    That's definitely possible, but:

    1) Why would it have badly misspelled his first name? (human error? I thought that spamming was mostly automated, but maybe not)

    and,

    2) How/where did they/it get his correct middle initial?


    > In such a scenario, any failed delivery attempts will result in the destination mail server sending an "undeliverable" notification back to the forged address.

    That would definitely explain the "undeliverable" message that showed up in my "inbox" folder. But if that (forgery) happened, would that also explain why the original outgoing message was in my "sent mail" folder?
     
  6. PEBKAC

    PEBKAC Private First Class

    Oops!... Missed that part. If the original email is in your sent items, then the email was almost definitely sent from your account and not forged. My bad.
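An added example, not code from this thread, that automates the two checks the thread ends on: the forged-sender (backscatter) scenario PEBKAC describes, and the decisive test in the last two posts that a bounced original sitting in the account's own Sent folder means the message really was sent from the account. It parses a delivery status notification (DSN), extracts the Message-ID of the returned original, and compares it against a set of Sent-folder Message-IDs; every message, address and Message-ID below is constructed.

```python
# Added example, not code from the thread: triage a bounce (DSN) the way the
# thread reasons. A bounce alone proves nothing (a spammer can forge the From
# address); what decides it is whether the bounced original is in the account's
# own Sent folder. Every message, address and Message-ID here is constructed.
import email
from email import policy

# Constructed DSN: a delivery-status part plus the returned original message.
BOUNCE_RAW = """\
From: Mail Delivery Subsystem <mailer-daemon@mail.example.net>
To: junkmale@example.com
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; grhaaam.q.tomlinson@example.net
Status: 5.1.1
--b1
Content-Type: message/rfc822

From: junkmale@example.com
To: grhaaam.q.tomlinson@example.net
Message-ID: <abc123@mail.example.com>

Nice weather today.
--b1--
"""

def bounced_original(bounce_raw):
    """Return (final_recipient, message_id) of the bounced original, or None."""
    dsn = email.message_from_string(bounce_raw, policy=policy.default)
    recipient = msg_id = None
    for part in dsn.walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":      # per-recipient header blocks
            for block in part.get_payload():
                if "Final-Recipient" in block:
                    recipient = str(block["Final-Recipient"])
        elif ctype == "message/rfc822":             # the original, as returned
            msg_id = str(part.get_payload(0).get("Message-ID", ""))
    return (recipient, msg_id) if msg_id else None

def classify_bounce(bounce_raw, sent_message_ids):
    """'sent-from-account' if the original's Message-ID is in Sent, else forged."""
    found = bounced_original(bounce_raw)
    if found is None:
        return "unknown"  # DSN returned no original; the bounce alone cannot decide
    return "sent-from-account" if found[1] in sent_message_ids else "likely-forged"
```

In practice the Sent-folder set would be built from the account's own sent mail (for example via IMAP); a "likely-forged" result points at backscatter, while "sent-from-account" means the account or a logged-in session was used.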
     
