Kasha

Philippines Gmail Hacker Sending out spam from hacked gmails

May 31st, 2011
Philippines Gmail Hacker Sending out spam.

According to the sending account's source of "sent emails" the sending IP was

210.4.127.110

The man who sent out the spam (not him but his account) has let me have a look.

Even though that spammer IP never logged in it seems it was done through Google Notifier (gained access that way perhaps and then proceeded to send spam emails to all the contacts about an hour later?)

However this is what I don't understand. The computer was off shortly after 1:30am approx as the owner of the email went to bed. Spam started being sent at 1:57 AM. Email was last accessed through Google Notifier at 1:32 am. First email was sent at 1:57 AM. Last email to be sent (was all 44 of his contacts in the list) was at 2:08 AM. 44 messages sent.

I just realized something else. The time is off. The time says those when you click on the emails but when you just go to the sent folder and look the times are set 3 hours ahead of that. This seems to be because the timezone of the email owner and myself are different than the spam sender. The spammer sent the email and the source reads it as -0700 (PDT).

Anyway one of those went to a couple of my accounts but says a different IP as the sender:

209.85.212.172

Oh wait .. I just am not good at reading email headers yet:

Received: from mail-pz0-f45.google.com (mail-pz0-f45.google.com [209.85.210.45])
    by mx.google.com with ESMTPS id d10si26569797icx.139.2011.05.31.01.57.04
Received: by 10.68.31.169 with SMTP id b9mr2354947pbi.207.1306832224325;
    Tue, 31 May 2011 01:57:04 -0700 (PDT)

and farther down it says:

Return-Path: **hacked email**
Received: from localhost ([210.4.127.110])
    by mx.google.com with SMTP id x1sm3572927pbb.50.2011.05.31.01.56.50

According to The Project Honey Pot system, that IP address' behavior is consistent with that of a mail server. The IP is also not in the USA like the owner of the email account but in the Philippines.

Every spam sent out last night from this IP through this one hijacked email account had this link in it:

http://g.msn.com.br/BR9/1369.0?http://cnbc7.com/news

This spam always looked like this format:

Hello , i started as soon as i could http://g.msn.com.br/BR9/1369.0?http://cnbc7.com/news

(the space between Hello and , is where they grab the name from the address book but in this case none was there so there is just a space).

Each spam message sent from the hacked account (not hijacked but hacked through "Google Notifier" it seems).

Here are some of the different messages:

Stephen, this is right up your alley http://g.msn.com.br/BR9/1369.0?http://cnbc7.com/news

hello jsh, i've been enjoying all of life's greatest luxuries http://g.msn.com.br/BR9/1369.0?http://cnbc7.com/news

Hey Nick it can't hurt to try this http://g.msn.com.br/BR9/1369.0?http://cnbc7.com/news

hello , when I started on here I didn't assume it was this easy http://g.msn.com.br/BR9/1369.0?http://cnbc7.com/news

hey Kathy, i've already gone on multiple vacations this year http://g.msn.com.br/BR9/1369.0?http://cnbc7.com/news

hi A, it surprised me to learn that this was so fast and efficient http://g.msn.com.br/BR9/1369.0?http://cnbc7.com/news

Brian hi test out your skills http://g.msn.com.br/BR9/1369.0?http://cnbc7.com/news

you shouldn't pass this up http://g.msn.com.br/BR9/1369.0?http://cnbc7.com/news

hello Katy, i'm never working a 9-5 again http://g.msn.com.br/BR9/1369.0?http://cnbc7.com/news
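
The Received chain quoted in the paste, read bottom-up, as an added example that is not part of the original paste: it pulls the submitting client IP from the oldest hop and converts the stamped time to a viewer's zone. The function names, the Return-Path placeholder and the UTC-4 viewer offset are assumptions made for illustration.

```python
import ipaddress
import re
from datetime import timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Header excerpt as quoted in the paste; folded lines are tab-indented.
# The Return-Path value is a placeholder (the paste redacts the address).
RAW = (
    "Received: from mail-pz0-f45.google.com (mail-pz0-f45.google.com [209.85.210.45])\n"
    "\tby mx.google.com with ESMTPS id d10si26569797icx.139.2011.05.31.01.57.04\n"
    "Received: by 10.68.31.169 with SMTP id b9mr2354947pbi.207.1306832224325;\n"
    "\tTue, 31 May 2011 01:57:04 -0700 (PDT)\n"
    "Return-Path: <redacted@example.invalid>\n"
    "Received: from localhost ([210.4.127.110])\n"
    "\tby mx.google.com with SMTP id x1sm3572927pbb.50.2011.05.31.01.56.50\n"
    "\n"
)

# "from HELO ([rDNS] [IP]) by HOST": the bracketed IP is what the receiving server saw.
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
                 r"\s+by\s+(?P<by>\S+)")

def hops(raw):
    """Return Received hops oldest-first (each server prepends, so the list is reversed)."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())              # undo header folding
        m = HOP.search(flat)
        hop = m.groupdict() if m else {"helo": None, "rdns": None, "ip": None, "by": None}
        stamp = flat.rsplit(";", 1)[1] if ";" in flat else None
        hop["when"] = parsedate_to_datetime(stamp) if stamp else None
        out.append(hop)
    return out

def origin_ip(raw, trusted_by=("mx.google.com",)):
    """Public client IP on the oldest hop written by a trusted server.
    Assumption: lines naming a trusted 'by' host are genuine; a sender can forge older ones."""
    for hop in hops(raw):
        if hop["by"] in trusted_by and hop["ip"] and ipaddress.ip_address(hop["ip"]).is_global:
            return hop["ip"]
    return None

def first_stamp_in_zone(raw, utc_offset_hours):
    """Earliest stamped hop time, converted to a viewer's fixed UTC offset."""
    stamps = [h["when"] for h in hops(raw) if h["when"]]
    return stamps[0].astimezone(timezone(timedelta(hours=utc_offset_hours))) if stamps else None

if __name__ == "__main__":
    print(origin_ip(RAW), first_stamp_in_zone(RAW, -4).isoformat())
```

The oldest hop announces itself as "localhost" with no reverse DNS name, so the bracketed address is the only client identity the receiving server recorded. For a viewer assumed to be at UTC-4, the 01:57 -0700 stamp reads 04:57, a three-hour shift.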