General, mnrx

Symantec Anti-virus has Flaw

May 26, 2006

from networkworld

Security researchers at eEye Digital Security have discovered a serious flaw in Symantec’s enterprise anti-virus software that could be used by hackers to create a self-replicating “worm” attack against Symantec users.

Because Symantec has not yet confirmed the existence of the problem, much less patched it, eEye is offering few details on the vulnerability, which was first disclosed late Wednesday.

“This is definitely a wormable flaw,” said Mike Puterbaugh, eEye’s vice president of marketing. “It does allow you to take remote control of the system.”

Similar to viruses, worms are able to spread from computer to computer, and past attacks such as 2003’s Blaster and Slammer worms were widespread.

Symantec is evaluating eEye’s claims and “if necessary, will provide a prompt response and solution,” a Symantec spokesman said Thursday.

EEye Chief Hacking Officer Marc Maiffret believes that it will take Symantec a “month or two” to patch the problem. “The vulnerability is pretty straightforward for them to identify within their code,” he said.

Version 10 and greater of Symantec’s enterprise anti-virus software is affected by the flaw, but the company’s consumer products do not have the bug, Maiffret said.

This is not the first flaw to be reported in Symantec’s security products, which have increasingly come under the scrutiny of hackers and security researchers over the past year. Last December, researcher Alex Wheeler discovered a flaw in Symantec’s Antivirus Library that could allow remote attackers to gain control of systems that used Symantec’s products.

In October a critical flaw was found in the company’s Scan Engine software.

designer

CCT

Are You Ready?

When you are ready to get more specific information about your project, click here and fill out our handy online form for a free web design quote.

Get My Free Quote

you need a website?
we can help

    order a project

    arrow

    Recent Posts

    In Web Design

    Domain Name Services fake letter.

    General, mnrx

    Domain Name Services Scam - Kind of

    May 26, 2006

    from networkworld Security researchers at eEye Digital Security have discovered a serious flaw in Symantec’s enterprise anti-virus software that...

    Captivating Website Design - Morehead City NC

    General, mnrx

    Web Design Basics

    May 26, 2006

    from networkworld Security researchers at eEye Digital Security have discovered a serious flaw in Symantec’s enterprise anti-virus software that...

    Dynamic Web Design in Morehead City NC

    General, mnrx

    Three Common Web Design Mistakes

    May 26, 2006

    from networkworld Security researchers at eEye Digital Security have discovered a serious flaw in Symantec’s enterprise anti-virus software that...

    arrow

    Go to our blog