New from Symantec: Norton Gaping Hole 2006

Looks like Symantec’s anti-virus software suite needs an anti-virus software suite. Researchers at eEye Digital Security have discovered a serious flaw in Symantec AntiVirus Corporate Edition 10.x and Symantec Client Security 3.x that could be exploited to give an intruder complete control of a target machine “without any user action.” “This is definitely wormable. Once exploited, you get a command shell that gives you complete access to the machine. You can remove, edit or destroy files at will,” eEye Digital Security spokesman Mike Puterbaugh told eWeek. “We have confirmed that an attacker can execute code without the user clicking or opening anything.” eEye says it’s not been able to find a proof-of-concept exploit, so it’s not likely that an attack is imminent. Still, you never know. “There’s nothing to say that someone hasn’t found this and is already using it for nefarious activities,” Puterbaugh explained. “It’s quite possible that we weren’t the only ones to find this. Who knows if it’s already being used in targeted attacks that we’ll never hear about.”


Share this Post

  • Nick

    If there were no more viri then the companies that protect us would go out of business.

    Who makes money off of exploits?

    Hint hint.