FOR IMMEDIATE RELEASE Thursday, 7 October 1999 1900:00 PDT ZDNET SITE SENDS USERS TO BACKDOOR PROGRAM Softseek.Com Promotes Trojan Horse to Unwitting Users Among the security applications recommended by Softseek.com at its popular download site is a well-known and very capable backdoor program called NetBus. The trojan horse program is being deceptively promoted as WinSec v1.01, "a Windows security program designed to restrict users from accessing certain Windows features." If an unsuspecting user downloads and runs the program, it immediately installs hidden backdoor access, opening the victim's computer to comprehensive intrusion via the Internet link. The Softseek representation displays a screen shot of a seemingly purposeful application, and describes it in some detail. It's unknown whether a legitimate application by the name "WinSec" actually exists. At last check (7PM PDT 7 October), and despite user complaints, Softseek still features the bogus program at URL: http://www.softseek.com/Utilities/Encryption_Security_and_Passwords/Security_and_Access_Control/4index.html The bogus review appears at: http://www.softseek.com/Utilities/Encryption_Security_and_Passwords/Security_and_Access_Control/Review_24937_index.html Links lead the Softseek site's visitors to an anonymous website hosted by Xoom.com. The backdoor program is in clear violation of Xoom's Terms of Service. Document dates indicate the site has existed in its present form since September 1st 1999. Softseek has featured WinSec since at least June of this year. The originator's identity is nowhere to be seen and may well prove impossible to determine. Given the high-traffic nature of the Softseek site, the hostile application could easily have been accessed by tens of thousands of victims over the past month. To make matters worse, one victimized user reports that a Softseek representative forwarded his complaint, with his email address, to the trickster. This places the victim at potential risk of retribution. The incident raises serious questions about Softseek's screening procedures, its handling of complaints, and the legitimacy of its other offerings. Users who complain to Softseek about hostile applications may be placed at further risk when their identities are exposed to malefactors. Softseek, a ZDNet company, has failed to respond to questions about the incident. A ZDNet representative was notified by phone of the problem, and promised action before 6PM this evening. But the Softseek site remains unchanged and a promised callback from ZDNet never materialized. An HTML version of this alert is at: http://www.nwi.net/~pchelp/security/alerts/softseek.htm Please contact email@example.com for further details.