I ran across a pretty useful sounding little program today. The program, G-Archiver, is a tool that will download all of your Google Email and archive it locally. Google is huge, and I'm sure they have backups in place in case something happens to my email. However, I am still a huge proponent of having my own copy. You never know when a company might go under, or when you might be without internet access and need to refer to something. So G-Archiver sounded pretty cool to me.
With any new software I consider installing, I do some research first to make sure it seems legitimate and functional. I'm really glad I did so in this case. The author wrote the tool so that whenever you run it, it sends your Google username and password to his email account! The really stupid part is that in order to do this he actually posted his GMail credentials in the code. I can only guess what sort of interesting things may have happened to his email account already.
This is a great example of why you need to be careful installing any software on your computer. Very innocuous sounding things can have malicious purposes. In fact, there is a lot of malicious software out there that was specifically given an useful purpose and innocent sounding name just to trick you into using it.
There is a good write-up of this at the Sans Internet Storm Center as well: Don't Use G-Archiver.
They even posted the code showing what this software does:
Here's the code:
Copyright© 2008 - 2012 MazPC. All rights reserved.
Website design by Beachfront Web, a partner of MazPC.