I was so excited.  I got a bit distracted at Church this morning checking email and noticed I was a getting a ton of returned mail.  As it became quickly obvious, I was 'spamming' EVERYONE that I had ever interacted with on my old gmail account.  Nothing appeared amiss on my Mac and scanning turned up nothing.  I changed my gmail password and turned off my vacation auto-responder (something I had not turned on) and things 'seem' to be on track.  Great post from Chris DeMarco on having run into this with his clients.

This appears to be an issue NOT with a software vulnerability (as most Spam spewing bots and other things would leverage) but more with a brute force password attempt that finally succeeded. 

What a great reminder for why we should be cycling our passwords.  From what I can tell, this 'attack' has been in place for several years...probably moves pretty slow.  If I were to guess, there are probably very slow moving bots trying to guess passwords on web based accounts like this.  This would be horrendously boring work for a human but ideal for a computer.   This is just a guess.  I get too distracted too easily to have dug up anything more juicy than that...  But if you know something...do share!

Robb