Author Topic: "Symantec AntiVirus Worm Hole Puts Millions at Risk"  (Read 2771 times)

0 Members and 1 Guest are viewing this topic.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19507
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
"Symantec AntiVirus Worm Hole Puts Millions at Risk"
« on: May 26, 2006, 10:59:58 PM »
This is a very scary report, considering the number of people who rely on Symantec's A/V software.
Quote
A gaping security flaw in the latest versions of Symantec's anti-virus software suite could put millions of users at risk of a debilitating worm attack, Internet security experts warned May 25.

Researchers at eEye Digital Security, the company that discovered the flaw, said it could be exploited by remote hackers to take complete control of the target machine "without any user action."

"This is definitely wormable. Once exploited, you get a command shell that gives you complete access to the machine. You can remove, edit or destroy files at will," said eEye Digital Security spokesperson Mike Puterbaugh.

"We have confirmed that an attacker can execute code without the user clicking or opening anything," Puterbaugh said.

The complete story is here:  http://www.eweek.com/article2/0,1895,1967941,00.asp with a lot of additional background information, well worth the read.

Also see:  http://www.cnn.com/2006/TECH/internet/05/25/antivirus.flaw.ap/index.html for more on this topic:

Quote
Hackers can crack top antivirus program

Friday, May 26, 2006; Posted: 12:08 p.m. EDT (16:08 GMT)

WASHINGTON (AP) -- Symantec Corp.'s leading antivirus software, which protects some of the world's largest corporations and U.S. government agencies, suffers from a flaw that lets hackers seize control of computers to steal sensitive data, delete files or implant malicious programs, researchers said Thursday.

Symantec said it was investigating the issue but could not immediately corroborate the vulnerability. If confirmed, the threat to computer users would be severe because the security software is so widely used and because no action is required by victims using the latest versions of Symantec Antivirus to suffer a crippling attack over the Internet.

Symantec has boasted that its antivirus products are installed on more than 200 million computers. A spokesman, Mike Bradshaw, said the company was examining the reported flaw but described it as "so new that we don't have any details."

"The Register" put a nice spin on the title of their article:  "Symantec coughs to security hole in its AV software"


Links courtesy of "Tashi"



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Eric the Red

  • ISO/IEC 27001:2013
  • Administrator
  • Hero Member
  • *****
  • Posts: 1618
  • Would somebody please pass me a beer!
    • View Profile
Re: "Symantec AntiVirus Worm Hole Puts Millions at Risk"
« Reply #1 on: June 02, 2006, 09:01:56 AM »
Update

The latest information from Symantec can be found here.
Any further updates from Symantec should be posted to that page so check it out if you are a user of Symantec's AV suite.
"The time to start running is around about the "e" in "Hey, you!" "

The information I provide is provided "AS IS" without warranty, and confers no rights.