FOR IMMEDIATE RELEASE
Thursday, 7 October 1999 1900:00 PDT


               ZDNET SITE SENDS USERS TO BACKDOOR PROGRAM

Softseek.Com Promotes Trojan Horse to Unwitting Users

Among the security applications recommended by Softseek.com at its 
popular download site is a well-known and very capable backdoor program 
called NetBus.

The trojan horse program is being deceptively promoted as WinSec v1.01, 
"a Windows security program designed to restrict users from accessing 
certain Windows features."  If an unsuspecting user downloads and runs 
the program, it immediately installs hidden backdoor access, opening 
the victim's computer to comprehensive intrusion via the Internet link.

The Softseek representation displays a screen shot of a seemingly 
purposeful application, and describes it in some detail.  It's unknown 
whether a legitimate application by the name "WinSec" actually exists.

At last check (7PM PDT 7 October), and despite user complaints, 
Softseek still features the bogus program at URL:

http://www.softseek.com/Utilities/Encryption_Security_and_Passwords/Security_and_Access_Control/4index.html

The bogus review appears at:

http://www.softseek.com/Utilities/Encryption_Security_and_Passwords/Security_and_Access_Control/Review_24937_index.html

Links lead the Softseek site's visitors to an anonymous website hosted 
by Xoom.com.  The backdoor program is in clear violation of Xoom's 
Terms of Service.  Document dates indicate the site has existed in 
its present form since September 1st 1999.  Softseek has featured 
WinSec since at least June of this year.

The originator's identity is nowhere to be seen and may well prove 
impossible to determine.

Given the high-traffic nature of the Softseek site, the hostile 
application could easily have been accessed by tens of thousands of 
victims over the past month.

To make matters worse, one victimized user reports that a Softseek 
representative forwarded his complaint, with his email address, to the 
trickster.  This places the victim at potential risk of retribution.

The incident raises serious questions about Softseek's screening 
procedures, its handling of complaints, and the legitimacy of its other 
offerings.  Users who complain to Softseek about hostile applications 
may be placed at further risk when their identities are exposed to 
malefactors.

Softseek, a ZDNet company, has failed to respond to questions about the 
incident.

A ZDNet representative was notified by phone of the problem, and 
promised action before 6PM this evening.  But the Softseek site remains 
unchanged and a promised callback from ZDNet never materialized.

An HTML version of this alert is at:
http://www.nwi.net/~pchelp/security/alerts/softseek.htm

Please contact pchelp@nwi.net for further details.