The buzz this weekend was clearly about Q - the first TRUE viral marketing product I’ve seen in new media. It’s viral just like a real virus - it spreads to everyone you’ve come in contact with, and the power of its infection is multiplied by the level of contact you have with others. We’ll probably talk about this at length during this coming week’s best marketing podcast, Marketing Over Coffee.

My first read on Q is this - good. Good that it happened, good that the payload was relatively innocuous (so far), good that it demonstrated a flaw in social networking without obliterating the network in the process. I’d still change your password if you’re a current or former Q user on any email account you’ve used it with.

Just how bad could the Q Trust Virus (trustvirus? is that even a word?) have been? Consider this: how many times have you synced your online web mail’s account information with an address book or other utility? I’d bet dollars to doughnuts that if you’re in the social space, you’ve used a tool like Plaxo or LinkedIn or another sync tool that promises to bring together all your data, and you’ve done so.

I’d bet you dollars to doughnuts right now that in your address book on XYZ service as well as on your personal computer, you not only have friends’ email addresses, but their real names, physical world addresses, phone numbers, birthdays, and more.

Imagine a Q-style TrustVirus (it’s officially a word now) that aggregates all of that, but doesn’t tell you, nor does it mass email all of your friends. Instead, it stores it in one large data warehouse, and cross-references people in your network with the same people in other networks, until it develops a comprehensive profile of an individual based on fragments gathered from that individual’s many friends. CC Chapman may not have my birthdate in his address book, but Chris Brogan might. Steve Garfield may know my cell phone number, and Michelle Wolverton might know my work address. Put the sum of my friends’ knowledge about me together, and you’d have enough for a profile of reasonable accuracy.

What to do with such a profile? Well, selling it to an identity theft ring would probably be lucrative and almost impossible to trace. Selling it to marketing data firms, selling it to just about anyone who wants top-notch, qualified personal profiles (three letter government agencies?) would be profitable.

Think about it - not only would a trustvirus gather a lot of information quickly, but it would be highly accurate most of the time, because you’re hijacking trust relationships across networks. Bryan Person trusts me enough to tell me his birthday, and I have no incentive to put inaccurate data in my address book. I trust Anji Bee with my mailing address, and chances are very good she’ll record it accurately. A trustvirus knows this and therefore the data it collects will be highly trustworthy.

What’s the lesson in all this? Think carefully about the information you put online. Think carefully about what you share with whom, even close friends, because they are human and therefore susceptible to trustvirus hijacking. Encourage your friends, if you’re of a sufficiently paranoid mindset, to not record sensitive data that could be used for identity theft (name, SSN, and date of birth is the magic trifecta that unlocks most doors) and be very careful about how you store data about them.

The easiest benchmark of all is to ask yourself this: what don’t you want the world to know about you - and who else knows about it?

Beware the trustvirus.