Information Security News mailing list archives

Gator Branded A Trojan Horse Despite Security Fix


From: InfoSec News <isn () c4i org>
Date: Fri, 8 Mar 2002 01:52:38 -0600 (CST)

http://www.newsbytes.com/news/02/175046.html

By Brian McWilliams, Newsbytes
REDWOOD CITY, CALIFORNIA, U.S.A.,
07 Mar 2002, 3:42 PM CST
 
Gator Corp. has corrected a security flaw in the Web-based installer
program for its popular digital wallet software, but some anti-virus
utilities still brand the program a Trojan horse.

Responding to a report in February that the ActiveX installer opened a
potential back door for attackers, Gator temporarily removed the
program, GatorSetup.exe, from its sites and posted a security update
that eliminates the vulnerability for users who have installed the
program using the ActiveX control.
 
Although Gator recently replaced the installer at its site with a
version that eliminates the security flaws, the ActiveX program is
currently blocked by Symantec's Norton AntiVirus (NAV) software.

According to NAV, the Gator installer is infected with the
Backdoor.Trojan virus.

Symantec officials were not immediately available for comment.

According to a description at the Symantec site, "all Trojans that are
detected as Backdoor.Trojan have one thing in common: they allow
unauthorized access to the infected computer."

A downloadable installer for the Gator software, GatorMiniSetup.exe,
did not set off NAV's alarms today.

In a demonstration of the Gator vulnerability last month, a security
researcher who uses the nickname "Obscure" created a Web page that
automatically installs the Tini remote-control backdoor program on the
PC of Gator users who installed the digital wallet using the ActiveX
control.

In a statement Feb. 23, Gator Corp. said it would automatically
download an updated version of the Gator software to current users.

Although Gator is present on millions of computers, most people do not
download the program from the Gator site but instead receive it
bundled with other software, the company said.

According to Obscure, some users of Norman Virus Control have reported
that the anti-virus software identified the new ActiveX installer as a
Trojan.

He said Gator apparently made a number of changes to the installer to
prevent hijacking by attackers, including a routine that deletes the
installer after the browser window has been closed or the user
navigates from the Gator site.

Gator Corp. is a privately held firm whose investors include
Garage.com and founders of Sun Microsystems, Symantec and Intuit,
according to the company's Web site.

Obscure's advisory is at
http://eyeonsecurity.net/advisories/gatorieplugin.htm

The Gator home page is at http://www.gator.com




-
ISN is currently hosted by Attrition.org
