"It would not take many minutes to put up a gopher server with a Win 32 rootkit as content, and then put an innocent but interesting looking link into a web page ('free live World Cup scores' would do nicely right now). And, with an href pointing to that server, and, ideally, one of those annoying JavaScript scrollers in the browser status display to prevent the user from noticing they're about to click a gopher link. Or have a page auto-forward to a malice gopher link, and, viola! A few more suckers rooted. This would likely pass through most firewalls as well." Simon Brooke.

Hundreds of chat rooms that are populated by hackers/crackers from around the world are buzzing about the now defunct Gopher. According to the well known reputable white hat hacker MacHaven, "…the possibilities are endless!"

Gopher was first discovered on May 22 by Online Solutions of Finland. (http://www.solutions.fi/) They did not release the exploit, but instead sent the code directly to Microsoft so that hackers could not exploit it. They did the right thing by reporting the vulnerability directly to Microsoft, as opposed to eEye Digital Security who announced exploits to the world that allowed such viruses as Code Red to affect millions of servers worldwide in just days. However, neither of them took the tack that PivX did and that was to create a solution to the problem immediately.

Traditionally, Microsoft waits upwards of six months and releases a security package, including fixes for other flaws in their billion dollar software suites. PivX figured users shouldn't have to wait for a fix on this one. And according to published reports in CNET and News.com, Microsoft is not going to be providing a patch for this exploit any time soon because they have been trumped by PivX.

PivX found the syntax for the exploit and was able to custom craft a FIX. Other hackers will find the general method on exploiting gopher to gain root and will begin using it to take control and destroy systems with the click of a button, or lack thereof.

"If you or your organization still use Internet Explorer, I would treat this as serious." -Simon Brooke.

PivX initially released it's first patch/fix for this enormous hole on June 8h at midnight PST. After the first 15 hours we recorded over 75,000 downloads.

PivX has mirrors to download Gopher-Smoker v0.6 all around the globe; USA, Canada, Moscow, Finland, Sweeden, Scottland, Germany, South Africa, Japan and Austraillia. Go to http://www.pivx.com/download.html to download the latest version of Gopher-Smoker. For more information on the program, and the hole, see http://www.pivx.com/gopher_smoker.html

"So much for "trustworthy computing" that Microsoft is trumpeting from the rooftops! " Ryan Newman

About PivX Solutions

PivX Solutions, is a premier network security consultancy. It's crack team of engineers and technical staff led by 19 year old network security prodigy and University of California cybercrime instructor Geoff Shively has discovered holes and flaws in some of the world's best-known hardware and software manufacturers operating systems and hardware. PivX consults with some of the country's largest and most highly sensitive companies, consultancies and organizations. Their network security product specialists developed the patented and proprietary Invisiwall™ network security device which offers the most comprehensive and secure intrusion detection system available.

For more information please go to: pivx.com or invisiwall.net or you can email us at: press@pivx.com

About Centrifuge Partners

Centrifuge Partners can be reached at : centrifugepartners@earthlink.net

Press Inquiries: press@pivx.com or rob@centrifugepartners.com