I just read this article by Robert Vamosi over at Webware.com about programmer Dustin Brooks, who discovered that the program "G-Archiver" sends the login credentials of everyone who signs up for the program to the email account of its author, John Terry.
Brooks was looking for a program to back up his Gmail account when he discovered G-Archiver.
"He signed up for a program called G-Archiver distributed by Mate Media of Miami, Fla. Brooks says that after installing the program, it didn't do all he was looking for so he decided to reverse engineer the source code using a program called Reflector for .Net.
Inside the source code Brooks found the program author's e-mail address and account password for Gmail. Thinking that was a little strange, Brooks used the hardcoded information to open John Terry's Gmail account. There, Brooks alleges he found 1,777 messages, all of which had usernames and passwords for people who signed up for the G-Archiver, including his own. In other words, whenever anyone signed up for the program, as Brooks had, a copy of his or her username and password was sent to John Terry's Gmail account.
Hardcoding e-mail addresses isn't new. In a presentation at Black Hat D.C. 2008 a few weeks ago, researchers Nitesh Dhanjani and Billy Rios reported that phishing site creators frequently hardcode e-mail addresses into the code in order to receive copies of the personal information submitted independent of where the Web form is being sent."
You can read the rest over at Webware.com, but I have to say that reading this makes me wonder what other programs out there do this. It certainly makes an argument for Open-Source software. Being the healthy skeptic and cautious person that I am, I've wondered about this in the past. The only thing protecting most customers is the reputation of the company/author, and inquisitive (and skilled) people like Dustin Brooks.
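Brooks found the mailbox credentials by decompiling the assembly, but the same hardcoded-mailbox pattern is usually visible without a decompiler: a .NET assembly keeps its string literals in a UTF-16LE user-string heap, so an e-mail address, an SMTP host and a password-looking literal sitting next to each other in the raw bytes is a strong signal that a program phones data home. The scanner below is an added example written for this post, not code from the Webware article or from G-Archiver's author; it runs over a constructed byte blob (`SAMPLE_BLOB`, with made-up addresses and hosts) that stands in for an installed program's binary, extracts ASCII and UTF-16LE strings, and flags the suspicious combination.

```python
import re

# Constructed sample standing in for a program's binary. The #US heap of a
# .NET assembly stores literals as UTF-16LE, so both encodings are included.
# Every host, address and password here is made up for the example.
SAMPLE_BLOB = (
    b"\x00\x00MZ\x90\x00" + b"\x00" * 8
    + "smtp.example-mail.test".encode("utf-16le") + b"\x00\x00"
    + "backup-author@example.test".encode("utf-16le") + b"\x00\x00"
    + "Hunter2Passw0rd!".encode("utf-16le") + b"\x00\x00"
    + b"\x00" * 4
    + b"Archive complete\x00"
    + b"support@example.test\x00"
)

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
SMTP_RE = re.compile(r"\b(smtp|mail)\.[A-Za-z0-9.-]+", re.IGNORECASE)
# Heuristic for a password-like literal: 8+ chars, no whitespace,
# mixed lower/upper case plus a digit. Tune for your own environment.
PASSWORD_RE = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[^\s]{8,}$")


def extract_strings(blob, min_len=4):
    """Return printable strings found as ASCII or UTF-16LE, in file order."""
    found = []
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob):
        found.append((m.start(), m.group().decode("ascii")))
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, blob):
        found.append((m.start(), m.group().decode("utf-16le")))
    found.sort()
    return [s for _, s in found]


def find_hardcoded_credentials(blob):
    """Flag SMTP hosts, e-mail addresses, and password-like literals that
    sit directly next to an e-mail address. Returns (kind, value) pairs."""
    strings = extract_strings(blob)
    findings = []
    for i, s in enumerate(strings):
        if SMTP_RE.search(s):
            findings.append(("smtp_host", s))
        if EMAIL_RE.search(s):
            findings.append(("email", s))
            # A password-like literal adjacent to an address is the classic
            # hardcoded-mailbox pattern: the program logs in as its author.
            for j in range(max(0, i - 1), min(len(strings), i + 2)):
                if j != i and PASSWORD_RE.match(strings[j]):
                    findings.append(("password_candidate", strings[j]))
    return findings


if __name__ == "__main__":
    # Point this at a real file with open(path, "rb").read() to triage it.
    for kind, value in find_hardcoded_credentials(SAMPLE_BLOB):
        print(f"{kind:20s} {value}")
```

A hit from this scanner is a reason to look closer, not proof of exfiltration: legitimate programs also embed support addresses, and a packed or obfuscated assembly will hide its literals from a strings pass entirely. Pair it with an egress check, since a local backup utility has no business opening outbound SMTP connections at sign-up time.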