[ISN] Gator Branded A Trojan Horse Despite Security Fix

From: InfoSec News (isnat_private)
Date: Thu Mar 07 2002 - 23:52:38 PST

  • Next message: InfoSec News: "RE: [ISN] Digital Destruction Was Worst Imaginable"

    By Brian McWilliams, Newsbytes
    07 Mar 2002, 3:42 PM CST
    Gator Corp. has corrected a security flaw in the Web-based installer
    program for its popular digital wallet software, but some anti-virus
    utilities still brand the program a Trojan horse.
    Responding to a report in February that the ActiveX installer opened a
    potential back door for attackers, Gator temporarily removed the
    program, GatorSetup.exe, from its sites and posted a security update
    that eliminates the vulnerability for users who have installed the
    program using the ActiveX control.
    Although Gator recently replaced the installer at its site with a
    version that eliminates the security flaws, the ActiveX program is
    currently blocked by Symantec's Norton AntiVirus (NAV) software.
    According to NAV, the Gator installer is infected with the
    Backdoor.Trojan virus.
    Symantec officials were not immediately available for comment.
    According to a description at the Symantec site, "all Trojans that are
    detected as Backdoor.Trojan have one thing in common: they allow
    unauthorized access to the infected computer."
    A downloadable installer for the Gator software, GatorMiniSetup.exe,
    did not set off NAV's alarms today.
    In a demonstration of the Gator vulnerability last month, a security
    researcher who uses the nickname "Obscure" created a Web page that
    automatically installs the Tini remote-control backdoor program on the
    PC of Gator users who installed the digital wallet using the ActiveX
    In a statement Feb. 23, Gator Corp. said it would automatically
    download an updated version of the Gator software to current users.
    Although Gator is present on millions of computers, most people do not
    download the program from the Gator site but instead receive it
    bundled with other software, the company said.
    According to Obscure, some users of Norman Virus Control have reported
    that the anti-virus software identified the new ActiveX installer as a
    He said Gator apparently made a number of changes to the installer to
    prevent hijacking by attackers, including a routine that deletes the
    installer after the browser window has been closed or the user
    navigates from the Gator site.
    Gator Corp. is a privately held firm whose investors include
    Garage.com and founders of Sun Microsystems, Symantec and Intuit,
    according to the company's Web site.
    Obscure's advisory is at
    The Gator home page is at http://www.gator.com
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Fri Mar 08 2002 - 02:33:34 PST