Someone else accessed my G-Mail account and sent out spam to everyone in my contact list. I've changed my password, but can't identify the source of the breach. What other security measures should I be taking?
MORE DETAILED EXPLANATION:
Apparently I've been phished. 12 hours ago, someone accessed my Gmail account from a Polish IP (I'm in the U.S.) and sent out a spam email containing only a URL for a Viagra spam site based in Russia (.ru). I've changed my Gmail password and contacted the recipients to let them know not to click on the link.
About thirty six hours before, I logged in to my G-Mail account from a friend's computer, so it's possible the breach happened on his machine.
How do I prevent the attack from happening again, either to him or to me?
I have been phished once or twice before, some years back. In each case, it was immediately obvious what I'd clicked on and/or how I'd been scammed (suspicious link sent via IM, etc.). But this time it isn't. I don't know what I clicked or which page I visited in order to cause this.
Can I find this out? If I went back through the browsing history, might I spot a clue? If I can't figure out how it happened, how do I know it won't occur again, either on my machine or on my friend's? Certainly I can run anti-virus scans and spyware scans and what not, but there's no guarantee that this attack was launched by something I (or my friend) downloaded or installed. So when the scanning is done, there's no way to know whether I've fixed the problem.
If you use credit cards or do banking on the computer, change your credit card number and banking passwords....and I don't mean over the internet!
Install a high quality security solution such as Norton 360 or Panda Internet security. Delete all other security programs. Update the new security and scan the entire computer.
I would not rely on free security downloads to protect a computer. There are too many bases that these types of systems don't cover.
Maintain the professional all- in -one security from now on. Just ONE good solution that covers everything.
Example: If you had Panda Internet security, it would have blocked the phishing attack, and many other things. It creates a log that shows where the attacks come from, by IP address. It updates several times a day automatically, it blocks all unauthorized connections.
A free security program won't do that.