Admin
8th June 2006, 04:31 PM
Symantec Corp.'s leading antivirus software, which protects some of the world's largest corporations and U.S. government agencies, suffers from a flaw that lets hackers seize control of computers to steal sensitive data, delete files or implant malicious programs, researchers said Thursday.
Symantec said it was investigating the issue but could not immediately corroborate the vulnerability. If confirmed, the threat to computer users would be severe because the security software is so widely used and because no action is required by victims using the latest versions of Symantec Antivirus to suffer a crippling attack over the Internet.
Symantec has boasted that its antivirus products are installed on more than 200 million computers. A spokesman, Mike Bradshaw, said the company was examining the reported flaw but described it as "so new that we don't have any details."
Researchers from eEye Digital Security Inc. of Aliso Viejo, California, discovered the vulnerability and provided evidence to Symantec engineers this week, said eEye's chief hacking officer, Marc Maiffret. He demonstrated the attack for The Associated Press.
eEye said it appeared consumer versions of Symantec's Norton Antivirus software -- sold at retail outlets around the country -- were not vulnerable to the flaw, though consumers who are provided Symantec's corporate edition antivirus software by their employers for use at home may be affected.
So far, Symantec has no information on whether this threat is legitimate, but independent research firm eEye Digital Security demonstrated the attack for the Associated Press and confirmed it was real.
The good news: The flaw affects only the corporate edition of Symantec Antivirus, not the consumer version, and is highly doubtful that any hackers will be able to exploit the flaw until a patch is produced.
This doesn't mean that you should be complacent: If you use the corporate version of Symantec Antivirus (version 10), talk to your IT department about the issue and make sure they're in contact with Symantec about getting the patch. If you want to take extra precautions, disconnect your machine from the Internet if it's not in active use.
CNN Report
Symantec said it was investigating the issue but could not immediately corroborate the vulnerability. If confirmed, the threat to computer users would be severe because the security software is so widely used and because no action is required by victims using the latest versions of Symantec Antivirus to suffer a crippling attack over the Internet.
Symantec has boasted that its antivirus products are installed on more than 200 million computers. A spokesman, Mike Bradshaw, said the company was examining the reported flaw but described it as "so new that we don't have any details."
Researchers from eEye Digital Security Inc. of Aliso Viejo, California, discovered the vulnerability and provided evidence to Symantec engineers this week, said eEye's chief hacking officer, Marc Maiffret. He demonstrated the attack for The Associated Press.
eEye said it appeared consumer versions of Symantec's Norton Antivirus software -- sold at retail outlets around the country -- were not vulnerable to the flaw, though consumers who are provided Symantec's corporate edition antivirus software by their employers for use at home may be affected.
So far, Symantec has no information on whether this threat is legitimate, but independent research firm eEye Digital Security demonstrated the attack for the Associated Press and confirmed it was real.
The good news: The flaw affects only the corporate edition of Symantec Antivirus, not the consumer version, and is highly doubtful that any hackers will be able to exploit the flaw until a patch is produced.
This doesn't mean that you should be complacent: If you use the corporate version of Symantec Antivirus (version 10), talk to your IT department about the issue and make sure they're in contact with Symantec about getting the patch. If you want to take extra precautions, disconnect your machine from the Internet if it's not in active use.
CNN Report