Jump to content

Ooops. This is going to hurt!


Recommended Posts

WASHINGTON (AP) -- Symantec Corp.'s leading antivirus software, which protects some of the world's largest corporations and U.S. government agencies, suffers from a flaw that lets hackers seize control of computers to steal sensitive data, delete files or implant malicious programs, researchers said Thursday.

Symantec said it was investigating the issue but could not immediately corroborate the vulnerability. If confirmed, the threat to computer users would be severe because the security software is so widely used and because no action is required by victims using the latest versions of Symantec Antivirus to suffer a crippling attack over the Internet.

Symantec has boasted that its antivirus products are installed on more than 200 million computers. A spokesman, Mike Bradshaw, said the company was examining the reported flaw but described it as "so new that we don't have any details."

Researchers from eEye Digital Security Inc. of Aliso Viejo, California, discovered the vulnerability and provided evidence to Symantec engineers this week, said eEye's chief hacking officer, Marc Maiffret. He demonstrated the attack for The Associated Press.

eEye said it appeared consumer versions of Symantec's Norton Antivirus software -- sold at retail outlets around the country -- were not vulnerable to the flaw, though consumers who are provided Symantec's corporate edition antivirus software by their employers for use at home may be affected.

Maiffret's company -- which has discovered hundreds of similar flaws in other software products -- also produces intrusion-protection software, called "Blink," that he said already blocks such attacks and can operate alongside Symantec's antivirus products.

Maiffret published a note about the company's discovery on its Web site but pledged not to reveal details publicly that would help hackers attack Internet users until after Symantec repairs its antivirus software. eEye said it intends to describe the problem in detail privately for some of its largest customers.

"People shouldn't panic," Maiffret said. "There shouldn't be any exploits until a patch is produced."

The reported flaw comes at an awkward time for Symantec. Its chief executive, John Thompson, has campaigned in recent months to convince consumers they should trust Symantec -- not Microsoft Corp. -- to protect their personal information.

Maiffret said eEye's testing showed the problem affects Symantec Antivirus Version 10, including its corporate editions. He said Symantec's consumer antivirus product, known as Norton Antivirus 2006, and its current security suite -- which includes both antivirus and firewall features -- did not appear to be vulnerable.

_______________________

Cheers from your intrepid web reporter :P

Link to post
Share on other sites

And the fix is in!!

____________________________________

WASHINGTON (AP) -- Symantec Corp. has repaired a serious problem with versions of its leading antivirus software, which protects some of the world's largest corporations and U.S. government agencies. The flaw lets hackers steal sensitive data, delete files or implant malicious programs.

Symantec began providing a repairing patch for its software over the Memorial Day weekend, just days after researchers disclosed the problem.

The speedy response -- many software manufacturers take months to do similar repairs -- underscored the seriousness of the threat, which affected the latest corporate versions of Symantec Antivirus.

The company said the patch is available using its LiveUpdate technology, which distributes the latest antivirus protections. The company said it has not detected efforts by hackers to exploit the antivirus flaw.

Symantec said its engineers have worked 24 hours a day on the problem since its discovery last week by eEye Digital Security Inc. of Aliso Viejo, California. "Symantec is a company used to responding rapidly," said Vince Weafer, senior director for Symantec's security response unit.

Weafer said consumer versions of Symantec's popular Norton Antivirus software -- sold at retail outlets around the country -- were not vulnerable to the flaw. Symantec's antivirus products are installed on more than 200 million computers.

eEye published a note about its discovery on its Web site last week but pledged not to reveal details publicly that would help hackers attack Internet users until after Symantec repaired its antivirus software.

An eEye executive, Marc Maiffret, said Tuesday the company will wait until patches are available for all language-editions of Symantec's antivirus products before disclosing further details, which he said could come as early as this week.

"I can't believe they were able to turn that around so fast, definitely a good job for them," Maiffret said.

________________________________________

Cheers from your intrepid web reporter :P

Link to post
Share on other sites

It hit over the weekend, but apparently not many hackers took advantage of it? It's amazing Symantec was able to turnaround that fast... there was even a front page (front business page, that is) article about this.

Link to post
Share on other sites

I read once that security firms will often notify vendors of flaws or vulnerabilities in their software privately and only announce them on the Internet if they feel that the vendor is not responding to their warnings. So possibly Symantec was warned of the issue some time ago.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...