Gmail archiving program is actually spyware

Mon Mar 17, 2008 11:38AM EDT

See Comments (10)

If you've used the G-Archiver program to back up your Gmail (aka Google Mail) email, you've got a headache on your hands. The program has been revealed to be a malicious spyware app that emails your Gmail username and password to a secret Gmail account.

This revelation is especially troubling because most Gmail users use a single Google account to access a wide range of services. Those with AdSense accounts or Google Checkout accounts could face severe financial losses if their Gmail password were to fall into the wrong hands.

G-Archiver is wholly unaffiliated with Google or Gmail and is the product of an independent developer. The revelation that G-Archiver was spyware emerged last week courtesy of programmer Dustin Brooks, who analyzed the source code to find a crude spyware system inside, complete with the name and password of the account to which G-Archiver sends all its victims' account information. He accessed that account and found thousands of records of usernames and passwords inside, including, of course, his own. (Brooks also deleted all those records and changed the password on the account by way of vigilante justice. Good man!)

Meanwhile, in what has to be the least credible excuse/explanation ever, G-Archiver has posted a notice on its website that the program was not spyware but rather that "a member of our development team had inserted coding used for testing G-Archiver in the debug version and forgot to delete it in the final release version." Uh, right...

G-Archiver's solution, however, is correct: If you have ever installed the program you should uninstall it and change your Google account password immediately. G-Archiver is so new that it probably will not show up in scans from most anti-spyware products yet.

As well, I probably needn't bother telling you that I don't recommend installing the upcoming new version of G-Archiver when it is released, even if the "flaw" is "corrected." Same goes for other sketchy third-party applications that promise to download messages from any webmail service... provided you give them your name and password. Not all are spyware, to be sure, but you should still tread lightly in this area.

Comments on Gmail archiving program is actually spyware

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 1 Posted by mzw986 on Thu Sep 3, 2009 7:32PM EDT Report Abuse

    The best way to archive a Gmail account is through POP access and a *reputable* POP email program. Simply set your Gmail to Enable POP for all mail (even mail that's already been downloaded), under Settings. Then download your mail into the POP email program you have and voila, instant back up!

  • 2 Posted by aviasphere on Thu Sep 3, 2009 2:59PM EDT Report Abuse

    Google is so cotton pickin' evil it has ceased to be funny!!!!

  • 3 Posted by m_knopp on Thu Sep 3, 2009 7:32PM EDT Report Abuse

    aviasphere, what does this article have to do with Google? Some company wholly unrelated to Google scammed a bunch of people into giving out their usernames and passwords (should have been an automatic red flag) for Google mail. So while you might not like Google, this article does nothing to support your hatred, and your comments in a column such as this only serves to undermine your credibility on the subject. Just food for thought.

  • 4 Posted by agustin2489 on Thu Sep 3, 2009 2:47PM EDT Report Abuse

    I find it a tad bit odd that there are archiver programs for Gmail. The size of the inbox is essentially enough that you can archive everything you want there.

  • 5 Posted by rogueist on Thu Sep 3, 2009 8:49PM EDT Report Abuse

    Not new at all. This news is at least 3 years old to us in the security business. It just looks like finally someone paid attention to it.

  • 6 Posted by pcofmind1 on Thu Sep 3, 2009 8:04PM EDT Report Abuse

    I think you need to better emphasize that THIS IS NOT GOOGLE's DOING, but a third-party application with no ties to Google. The title of your post leads one to believe this is a Google thing, as evidenced by the ignorant post (#2) by someone who obviously did not read the article. But, hey, you did catch our attention -- especially those like me, who use Gmail. So many experts have raved that Gmail is the best web-based mail system out there, and I agree. Bottom line for me is literally three spams in almost two years of using Gmail. Awesome!

  • 7 Posted by g_tagni on Thu Sep 3, 2009 4:15PM EDT Report Abuse

    I totally agree with m_knopp's comments. Besides, at the end of the day it is the users' responsability to verify that the programs they use are trustable.

  • 8 Posted by aviasphere on Thu Sep 3, 2009 2:59PM EDT Report Abuse

    m_knopp... One would THINK that a company that moans 'no evil' would be quick to see if their third party providers adhered to the same standards that they supposedly espouse. Or is that too much to ask...a little DUE DILIGENCE?????

  • 9 Posted by taurusgrl65 on Thu Sep 3, 2009 9:57PM EDT Report Abuse

    I've been to Chris Null blog before,I am just confused by the g-mail archiver,piece here,I rarely ever use G-mail, the only thing I have seen as far as archives go, is the old mail archives that where in my: yahoo groups,messages that where older than I would even care to admit to, are still there and available to search through. But I consider myself to be fairly new at the blogging thing.I did register to read about oh, I'd say maybe a half dozen or less of "other people's blogs" so that I could get the hang of it before making my own.My question is: If after reading all the postings on"someones blog" Is it necessary to: repost via the buttons on the page like: the IM, del.icio.us, or Digg, in order for it to be read by others?The only other time I have even seen the word archive that I can remember was when I tried to use outlook express, the last time, it asked me If I wanted to archive my older messages, saying it was safer, so that I didn't get flooded with messages in my inbox, Then there was nothing there at all when I went to use it.They archived everything!, I am not very comfortable with importing and exporting things from one account to another, When I did try to do it before, I did get flooded, about 8,000 or more messages. I just want to find a happy medium somewhere without having to obtain a license to create my own radio station or channel Which people do ask me if that's what I want to do,I'm not quite there yet with what I need to know first,Nor do I have the financial expertise or backing to launch something of that magnitude.

  • 10 Posted by arminta.gast@att.net on Thu Sep 3, 2009 2:57PM EDT Report Abuse

    This is completly insane, why would anyone download a seperate program to archive their gmail, WHEN IT HAS THAT OPTION BUILT IN? All you simply need to do it hit archive, I have never had to download or use any other applications except for gmail in itself.

More Posts: First Prev 1 2 Next Last

Post a Comment

Sign In to Post a Comment