- http://msmvps.com/bl...09/1538073.aspx
March 09, 2008 - "All of us have felt a high degree of trust when downloading and installing software (whether it be freeware, shareware or pay-for). Today I read a story that is a frightening reminder that when we download and install software sourced via the Internet we do NOT know who we are dealing with and we cannot be sure if our trust is misplaced. Today's villain is called g-archiver (or garchiver, depending on who you talk to). The software holds itself out as a "one click Gmail backup solution". Victims install the software, enter their gmail username and password, and then start creating an archive of their Gmail passwords on their local hard drives. What the g-archiver web site does NOT tell you is that g-archiver TRANSMITS YOUR GMAIL USERNAME AND PASSWORD TO THE AUTHOR OF THE SOFTWARE. The behaviour was discovered by a Dustin Brooks, who emailed his discoveries to Jeff Atwood of Coding Horror. Jeff then revealed the scandal to the world on his own blog*. Jeff's blog includes a screenshot of the g-archiver author's Gmail account, which contained 1,777 Gmail usernames and passwords. To add insult to injury, g-archiver is shareware, costing $29.95... I have also contacted Google, and have gone quite high up the food chain in doing so..."
* http://www.codinghor...ves/001072.html
-------------------------
Another "witness":
- http://isc.sans.org/...ml?storyid=4129
Last Updated: 2008-03-12 15:48:11 UTC "...G-Archiver..."
Edited by AplusWebMaster, 12 March 2008 - 10:09 AM.