gmail
J_o_k_e_R, 2012-11-06 15:49:17

Sending spam via the gmail web interface. How could that happen?

Today around 11:00 am (MSK) one of my gmail accounts (let it be [email protected]) began to send mass spam with a link like http://<different domains>/<different paths>/ugoogle.html. The link is nothing particularly criminal, just a redirect with a referral to a site in the “make money on the Internet” style.
It would seem that everything is simple and clear: I picked up some crap, a virus that stole my password / cookies. But what confuses me is that I have always tried to live the “correct” IT life, namely:
1. In most cases I use linux (thoughtfully compiled and distributed via BINHOST by gentoo) and the latest versions of FF ESR (noscript, requestpolicy, adblock; flash is enabled in a separate profile that is only for flash) and chromium (ScriptNo, adblock, flashblock). For imap, the latest thunderbird ESR. Phone: nokia n900 with maemo.
1.1 The remaining case is a computer running Windows 7 x64, regularly updated, DrWeb 6.0 (licensed) with fresh databases updated every three hours, and FF with separate profiles: a profile with work information (all the same plugins as under linux), and a separate profile for mail and payment transactions with a bare browser, as many payment sites go crazy with security plugins. Yes, I understand that this is the “bottleneck”, but I seem to have taken all possible security measures under Windows (for example, I turned off the “Server” service), and the Internet at work goes through a Yota connection shared by a dedicated computer with Kerio Control. And anyway, the login from this computer was a few days ago.
2. Password with entropy similar to the password "dbvuyGcxPy%". Yes, I know about two-factor authentication, but I don't want to give my cell phone number to Google. The recovery email is on my own server, which was not accessed by anyone else.
3. I never accessed the mailbox from anywhere other than the above. There is no need, since I always have a phone with the mailbox set up on it.
4. I never used the “Remember me” checkbox on the web, nor the browser's password-saving function. The password is only stored in the thunderbird settings, protected by a master password (with similar entropy).
The spam headers are as follows (* - stripped private data):
Delivered-to: *@gmail.com
Received: by 10.58.207.20 with SMTP id ls20csp410753vec; Mon, 5 Nov 2012 23:27:43 -0800 (PST)
Received: by 10.180.87.230 with SMTP id bb6mr17041767wib.6.1352186863636; Mon, 05 Nov 2012 23:27:43 -0800 (PST)
Return-path: <[email protected]>
Received: from mail-we0-f195.google.com (mail-we0-f195.google.com [74.125.82.195]) by mx.google.com with ESMTPS id fp2si8850840wib.6.2012.11.05.23.27.43 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 05 Nov 2012 23:27:43 -0800 (PST)
Received-spf: pass (google.com: domain of [email protected] designates 74.125.82.195 as permitted sender) client-ip=74.125.82.195;
Authentication-results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 74.125.82.195 as permitted sender) [email protected]; dkim=pass header.i=@gmail.com
Received: by mail-we0-f195.google.com with SMTP id z53so12199wey.2 for <*@gmail.com>; Mon, 05 Nov 2012 23:27:43 -0800 (PST)
Return-path: <[email protected]>
Received-spf: pass (google.com: domain of *@gmail.com designates 10.180.87.230 as permitted sender) client-ip=10.180.87.230
Received: from mr.google.com ([10.180.87.230]) by 10.180.87.230 with SMTP id bb6mr19781532wib.6.1352186862711 (num_hops = 1); Mon, 05 Nov 2012 23:27:42 -0800 (PST)
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=FmodzDaoDrD+RsAH3/ViG/fUMeJRfJ+FiO766qwYo10=;
Mime-version: 1.0
Received: by 10.180.87.230 with SMTP id bb6mr17023834wib.6.1352186560963; Mon, 05 Nov 2012 23:22:40 -0800 (PST)
Received: by 10.216.114.7 with HTTP; Mon, 5 Nov 2012 23:22:40 -0800 (PST)
Date: Tue, 6 Nov 2012 11:22:40 +0400 (06. nov. 2012 kl. 08.22 +0100)
Message-id: <CAPvRhhQDA=f3CGHfuWNq-fh5s*@mail.gmail.com>
Subject:
From: * <myemail@gmail.com>
To: *@gmail.com, *@mail.ru, *@yandex.ru, *@yandex.ru, *@mail.ru
Content-type: text/plain; charset=ISO-8859-1

http://*/zoiwipqueio/ugoogle.html
Within 20 minutes, spam was sent to all addresses appearing in the mailbox: those who wrote to me, those to whom I wrote, as well as all the JIDs in Google Talk, but by email (i.e. there were attempts to send spam to an address like [email protected]).
Then angry contacts began writing to me; after 40 minutes I got to a computer (unfortunately I did not find a way to change the password through the Google mobile interface), changed the password (no one had changed the password on the mailbox), and disconnected all other sessions. In the "Recent activity" list, suspicious activity was found from IP 66.18.115.126 (USA), which came in from a browser at the time of the spam.
Now I have questions:
1) So what was it, after all? Did a banal Trojan still get onto the work Windows machine despite all the measures? Or maybe my paranoia, linking the recent updates of the web interface with the incident, is not so groundless, and someone has already run into this?
2) What should I do now? Should I write to Google somewhere? If yes, then where? I have heard that Google support ignores such requests, so the answer to the question is not obvious to me.

3 answers

egorinsk, 2012-11-06
@egorinsk

Think about the following options for obtaining your password:
1) Your password could theoretically be phished, for example, when you were using Wi-Fi from some iPhone.
2) Or you entered your password on a fake purportedly Google page, such as one hosted at sites.google.com (a trusted domain).
3) Or still a Trojan, which, for example, was hiding in a pirated program downloaded from a torrent.
4) Or an evil browser extension that steals passwords and cookies.
5) Or some android application that you have given access to your Google account.
6) Or you use Java/Adobe Acrobat (but why???) and surf the Internet with these backdoors that have been opening wide doors to all hackers in the world for ten years now.
7) Fake DNS, which redirected requests to gmail to another domain.
And two-factor authentication is good: when you try to log in from another IP, Google immediately turns on paranoia.
Antivirus only helps against old Trojans. Now even schoolboy bot herders check their exploit bundles for antivirus detection before launching them on the network, and they have several days before those fall into the hands of virus analysts. For this reason, relying on an antivirus is pretty stupid.

vsespb, 2012-11-06
@vsespb

I would look in Windows at the simplest things first: the process list, startup items, suspicious traffic, logs, everything you can see for yourself, plus a check with another antivirus.

Vladimir Dubrovin, 2012-11-06
@z3apa3a

If there was a login from someone else's IP, then the password was stolen. If the problem were in the interface, for example if CSRF or XSS in the Google web interface were used to send spam, then your IP would appear in the mailing, because the actions would then be performed through your browser.
Another point is that a Trojan was not necessarily involved. Either a vulnerability in the Google interface or a vulnerability in the browser could have been used to substitute the password form. Try to remember whether the password was ever requested at an unusual moment, for example while reading a letter.
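An added example (not code from the question or any of the answers): a small Python triage of a header dump like the one quoted in the question, showing why the earliest Received hop ("with HTTP" on a provider-internal 10.x address) identifies a webmail session but not the client behind it, which is why the foreign IP only turned up in the account's activity log. The sample headers are constructed from the quoted ones with placeholder addresses; the "authenticated-smtp" branch is an assumption about how other submission paths look, not something the post shows.

```python
import email
import re
# Constructed sample modelled on the headers quoted in the question (newest hop
# first); addresses are placeholders, as the post redacted them.
RAW = """Received: from mail-we0-f195.google.com (mail-we0-f195.google.com [74.125.82.195])
        by mx.google.com with ESMTPS id fp2si8850840wib.6.2012.11.05.23.27.43
        (version=TLSv1/SSLv3 cipher=OTHER); Mon, 05 Nov 2012 23:27:43 -0800 (PST)
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
        sender@gmail.com designates 74.125.82.195 as permitted sender)
        smtp.mail=sender@gmail.com; dkim=pass header.i=@gmail.com
Received: by 10.216.114.7 with HTTP; Mon, 5 Nov 2012 23:22:40 -0800 (PST)
From: Sender <sender@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

http://example.invalid/zoiwipqueio/ugoogle.html
"""

FIELDS = {"from": r"\bfrom\s+(\S+)", "by": r"\bby\s+(\S+)",
          "ip": r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", "with": r"\bwith\s+([A-Za-z]+)"}

def received_hops(raw):
    # Received headers in header order (newest first), unfolded and parsed.
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        line = " ".join(value.split())  # unfold continuation lines
        found = {k: re.search(p, line) for k, p in FIELDS.items()}
        hops.append({k: m.group(1) if m else None for k, m in found.items()})
    return hops

def auth_results(raw):
    # spf/dkim/dmarc verdicts recorded by the receiving MX.
    verdicts = {}
    for value in email.message_from_string(raw).get_all("Authentication-Results", []):
        for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", value):
            verdicts[m.group(1)] = m.group(2)
    return verdicts

def triage(raw):
    hops = received_hops(raw)
    origin = hops[-1]  # bottom-most header = the hop closest to the sender
    if origin["with"] == "HTTP":
        # Webmail session: 'by' is the provider's internal host, so the client's
        # IP shows up only in the account's activity log, not in these headers.
        channel = "webmail"
    elif origin["with"] in ("ESMTPSA", "ESMTPA"):
        channel = "authenticated-smtp"  # assumed: client IP usually in 'from [...]'
    else:
        channel = "relay"
    return {"channel": channel, "origin_by": origin["by"],
            "origin_ip": origin["ip"], "auth": auth_results(raw)}
```

Run `triage(RAW)` on the sample to see the webmail verdict with passing SPF/DKIM and no client IP; passing SPF and DKIM is expected here, since the spam really was sent by the provider on behalf of the compromised account.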
