I ran into your blog during a perusal of Matt Mullenweg’s blog and ended up reading several articles/posts you wrote, including the ones related to the whole Gmail + phishing + domain craziness issue.

Firstly, I am incredibly sorry to hear that you had to endure something like that; what an immense invasion of privacy for sure, but I am so glad that you got things taken care of.

Secondly, I know I’m coming in super late to the conversation, but I wanted to offer a piece of my own experience in regards to someone managing to ‘crack’ me (though not in the same manner) and how they might have done it.

Perhaps it might offer some insight into how such situations can be avoided in the future or at least provide some sort of reassurance or warning that these things can happen even when one is being careful – who knows.

Unlike what a lot of people have been suggesting about how you might have acquired a keylogger through unsafe browsing or emailing habits, I am suggesting that you might have gotten exposed to an exploit through ‘friendly’ means – eg: through a friendly, trusted website.

You’re an artist, so you are probably familiar with art sites like deviantArt.

I used dA for years (up until the last two years) and it was one of my most ‘trusted’ websites where I browsed with little to no fear of my computer being exploited.

And then one night about two years ago, my best friend sent me a dA link to someone’s artwork and after I clicked on the link as a logged-out/guest user, BAM.

That is how I got the worm/virus/keylogger/whatever it was onto my computer.

How?

If you are familiar with dA then you know how dA puts up advertisements on their site if you are only a basic member or if you are not logged into the site.

The ad is how I got my computer bug. The site (dA) was friendly enough, but the ads at that particular moment were malicious.

No questions about it because my antivirus caught it immediately almost right after I opened the site, but the damage was already being done.

I had SSH open because I was doing work and I promptly got a second virus/bug warning from my antivirus saying that my SSH was now corrupted with a backdoor Trojan hack of some sort and the account I was using was compromised thereafter, which of course indirectly compromised my other accounts as well along with my main account with my hosting provider.

Additionally, I started seeing popups everywhere on my web browser directing me to anti virus software and my OS was starting to glitch here and there.

Thankfully, the damage done was minimal compared to your situation.

Where my domains DID get hacked into and I DID lose control over the domain I was attending to at the time and got various viral marketing ploys inserted into the coding of various domains I was managing, I managed to get in touch with my web host right away and with their help, I was able to prevent further damage beyond that.

After a massive disk wipe of my computer and resetting passwords to EVERYTHING and being a little more ‘wise’ for the wear, things were back to normal except for one thing.

I never have gone back to dA if I could help it and I have become a lot more wary of ‘trusted’ sites – especially if they run adverts.

So anyways, I guess why I’m sharing what I did is to say that I fully believe that it IS possible to be exploited by a ‘friendly’ site – after all, I was.

Granted, it was the adverts and not the site itself, but the site was running said adverts, so…

Yeah.

Happy 2010 to you and may you never experience such a thing again!

Thanks for sharing your work!

Dear Sir/Madam,
This mail is to notify you have been selected as a winner to receive the sum of £850,000 British Pounds in our on-going Google anniversary lotto draws.

Your email address was attached to the following winning numbers that made you one of our lucky winners for this year draw :Ticket number: 00869575733664, CGPN:7-22-71-00-66-12,Serial

numbers:BTD/8070447706/06,Lucky numbers:12-12-23-35-40-41(12).
For more info/ how to claim your prize,contact the processing agent (Mr. Grahams Benfield) with the email addresses below by sending your winning numbers,full names, sex and location.

Agent E-mail(s):grahamsbenfield.agent@gmail.com,grahams.benfield@thedotmail.com
Wishing you goodluck as you’ll spend your fortune!!
Sincerely,
Mr. Petersen, Promo Coordinator

Hope nothing like this happens again

Haha. I’m sure you’re doing lots right. Perhaps I’ve been wrong to go re-adding all those http://www.davidairey.com lines before my /image/image.jpg code. Due to the time it took, however, I’m sticking with the opposite.

Kathy,

I think quite a few others found the documenting of my experience beneficial, which is great. I’m curious how it affected your client practices.

Lauren,

It is quite phishy ;) even though I can’t rule out the idea I was tricked. I hope not, but it is possible.

Not 100% sure about those image links. Maybe there was another reason why I re-added the full code, such as images not showing in RSS feeds. Hmmm. Can’t remember now.

bubble,

I’m sure there are steps that can be taken to improve security in GMail. For instance, you could have to re-enter your password before applying filters to the account, which would prevent cross-browser script attacks. That said, they’re apparently all fixed now.