G-Archiver Identified as Malicious Spyware
G- Archiver, a program designed to backup a Gmail account to the hard disk of a local computer has been recently criticized after accusations that the application actually gathers usernames and passwords of Gmail accounts, an information that end users do not want to reveal to the company.
The revelation of such information is particularly worrying as most users of Google mail use only one account to approach many services. If users with Google Checkout accounts or AdSense accounts unknowingly disclose their Gmail password to wrong people, it could result in significant financial losses for them.
G-Archiver, which is fully segregated from Gmail or Google, is an independent creator's product. The declaration that G-Archiver was a spyware program occurred in the second week of March 2008, credit to Dustin Brooks a software programmer, as reported by yahooTECH on March 17, 2008.
Writing to Jeff Atwood via e-mail, blogger on Coding Horror, Dustin Brooks described the working of reverse-engineered G-Archiver. While working with it, Brooks himself found that 'apparent developer' John Terry had hard-coded into the valid source code, his Gmail account's username and password and then coded software to get e-mail with somebody else's username and password.
However, consumers wanting to use G-Archiver need to submit their Gmail username and password to the application. This, in the opinion of Atwood, totally goes against people's trust.
When Brooks assessed the mentioned source code, he found that it had an unsophisticated spyware, showing the username and password for the account where G-Archiver transmits account information of its victims. When Brooks opened that account he found data on username and password of thousands of other accounts.
In any case, doubt over G-Archiver leads to more important questions about whether Web services would effectively work in cooperation of each other in future. A number of security issues surround joint working of Web utilities and software programs that communicate with each other.
Today, when it makes sense for software applications and Web services to work in collaboration with interfaces of open applications, there arises an urgent requirement of more disclosures and rules about sharing of personal information between companies.
Related article: GIO’s Confidential Information Hacked and disclosed
» SPAMfighter News - 26-03-2008