Vulnerability can make Gmail a genuine spamming bot

May 12, 2008 08:45 GMT  ·  By

Gmail, Google's widely used email service and for many users their primary email account, could become a serious problem: a security flaw could allow an attacker to turn the service into an effective spam engine. According to security research team INSERT, the flaw "is related to the risk of abusing the email forwarding option in Gmail accounts." An attacker who manages to exploit it could send a very large number of messages, clearly for spamming purposes.

Notably, the researchers managed to send unsolicited messages to more than 4,000 email addresses in just 6 hours, and "no measures took place that would have prevented us from keeping sending more messages." Each additional Gmail account abused in this way means more spam reaching inboxes around the world. "By deploying this attack with 100 Gmail accounts simultaneously, the message rate would exceed 1,000 messages per minute," the researchers explain.

Gmail is generally regarded as a safe and trusted email service, and mail systems around the world whitelist it, allowing messages sent from Gmail accounts to reach their users' inboxes. A flaw like this could therefore prove extremely dangerous for those systems, unless Gmail itself is blacklisted.

"It is possible to assemble an attack that would have results similar to those of a botnet based spam by compromising a relatively small number of Gmail accounts, but without the need for thousands of zombie computers. Nevertheless, an attacker could also reach levels similar to those of a small botnet by exploiting only one Gmail account given enough time," the INSERT researchers explain.

At this time, we're still waiting for an official comment from Google's representatives, but if you want more information on this topic, read the INSERT advisory available here.