[ISN] Gator Branded A Trojan Horse Despite Security Fix

From: InfoSec News (isnat_private)
Date: Thu Mar 07 2002 - 23:52:38 PST

    http://www.newsbytes.com/news/02/175046.html
    
    By Brian McWilliams, Newsbytes
    REDWOOD CITY, CALIFORNIA, U.S.A.,
    07 Mar 2002, 3:42 PM CST
     
    Gator Corp. has corrected a security flaw in the Web-based installer
    program for its popular digital wallet software, but some anti-virus
    utilities still brand the program a Trojan horse.
    
    Responding to a report in February that the ActiveX installer opened a
    potential back door for attackers, Gator temporarily removed the
    program, GatorSetup.exe, from its sites and posted a security update
    that eliminates the vulnerability for users who have installed the
    program using the ActiveX control.
     
    Although Gator recently replaced the installer at its site with a
    version that eliminates the security flaws, the ActiveX program is
    currently blocked by Symantec's Norton AntiVirus (NAV) software.
    
    According to NAV, the Gator installer is infected with the
    Backdoor.Trojan virus.
    
    Symantec officials were not immediately available for comment.
    
    According to a description at the Symantec site, "all Trojans that are
    detected as Backdoor.Trojan have one thing in common: they allow
    unauthorized access to the infected computer."
    
    A downloadable installer for the Gator software, GatorMiniSetup.exe,
    did not set off NAV's alarms today.
    
    In a demonstration of the Gator vulnerability last month, a security
    researcher who uses the nickname "Obscure" created a Web page that
    automatically installs the Tini remote-control backdoor program on the
    PC of Gator users who installed the digital wallet using the ActiveX
    control.
    
    In a statement Feb. 23, Gator Corp. said it would automatically
    download an updated version of the Gator software to current users.
    
    Although Gator is present on millions of computers, most people do not
    download the program from the Gator site but instead receive it
    bundled with other software, the company said.
    
    According to Obscure, some users of Norman Virus Control have reported
    that the anti-virus software identified the new ActiveX installer as a
    Trojan.
    
    He said Gator apparently made a number of changes to the installer to
    prevent hijacking by attackers, including a routine that deletes the
    installer after the browser window has been closed or the user
    navigates from the Gator site.
    
    Gator Corp. is a privately held firm whose investors include
    Garage.com and founders of Sun Microsystems, Symantec and Intuit,
    according to the company's Web site.
    
    Obscure's advisory is at
    http://eyeonsecurity.net/advisories/gatorieplugin.htm
    
    The Gator home page is at http://www.gator.com
    
    
    
    