Review for gContactSync by ZundapMan
Rated 1 out of 5 stars
I just installed gContactSync and used its' new feature to synchronize with an address book I had stored on a Plaxo account. The next day there was a flurry of "bad adress returns" associated with a group email sent to all or some of my contacts. It was a link to a "get rich quick scheme" html page set up to make it difficult to navigate out of without giving an "OK" back to the page's code via my browser. I've gone into gContactSync and disabled all synchronization until I get to the bottom of this! In the interim, beware of gContactSync.
Per Josh's reply below....
My browsers and system are kept religiously "up to date" using utilities provided by Comcast Xfinity. This includes Norton's web based support for virus/intrusion protection and the use of a funky utility called Constant Guard which stores encripted login identities and has anti-keylogging features. I do not believe that my system itself is/was compromised but rather something I did on the day I installed gContactSync and used it to synchronize an address list I had on Plaxo with one on gMail that some or all of the addresses I processed went through a 'mailer bot' which grabbed exposed unincripted mail data from somewhare and broadcast it. The one clue I have is that the "reply to" name field on the bad address returns was not the one I generate if I compose new mail from Thunderbird, but rather a variant created by some odd process of unknown origin. The real problem could lie in Thunderbird itself.
ZundapMan,
While it is unfortunate that your e-mail account was used to send out spam I don't think gContactSync is the reason. Importing contacts does require limited interaction with my website, pirules.org since it uses OAuth. pirules.org will "sign" requests sent to the site you are importing contacts from but it never has access to your password (more details on OAuth are readily available online).
I've checked my code on pirules.org and it is intact and doesn't appear to have been tampered with. If you downloaded the add-on from addons.mozilla.org or mozdev.org it should be fine.
I'm guessing your computer is infected and once the malware saw new contacts it decided to spam them. It might have been spamming your old contacts but if they were all valid and up-to-date e-mail addresses you wouldn't have received any delivery failure notifications. You didn't just install gContactSync; you added all those new contacts to your address book. I strongly recommend you scan your computer for malware. Eset has a free online scan that removes whatever it finds.
Please let me know what you find out via e-mail or the forum.
Josh
To create your own collections, you must have a Mozilla Add-ons account.