Symantec false positive cripples thousands of Chinese PCs
Virus signature update mistakes critical Windows files for malware
Gregg Keizer

May 18, 2007 (Computerworld) -- A signature update to Symantec's anti-virus
software crippled thousands of Chinese PCs Friday when the security software
mistook two critical Windows .dll files for malware.

According to numerous blog entries from Chinese computer users, a virus
signature database seeded yesterday mistook two system files of a Chinese
edition of Windows XP SP2 as a Trojan horse which Symantec dubs
"Backdoor.Haxdoor." The anti-virus software -- Norton AntiVirus, for example, or
the anti-virus component of the Norton 360 or Norton Internet Security suites --
then quarantined the netapi32.dll and lsasrv.dll files.

"With these files removed, Windows XP will no longer start up, and even the
system Safe Mode no longer functions," said one user writing to the
alt.comp.anti-virus newsgroup this morning.

Late Friday, China time, the Chinese Internet Security Response Team (CISRT)
posted an alert on its English-language blog. "It's a terrible day for lots of
Chinese users (especially Enterprise Users) who use Norton products today,"
CISRT said. "This issue has had a huge effect on Chinese people." Other
reports claimed that more than 7,000 users had already contacted Rising
Antivirus, a Chinese security company, asking for help on how they could recover
their PCs. On Rising's home page, its threat gauge was rated at red late Friday,
the highest ranking this year.

In an e-mailed statement, Symantec acknowledged the signature update bug and
said it re-released a new update late Thursday, U.S. time. The Cupertino,
Calif.-based security vendor also said that only Simplified Chinese versions of
Windows XP SP2 that have been patched with a Microsoft fix from November 2006
were impacted.

If the PC hasn't been rebooted, users can grab the revised signature update to
fix the problem, said Symantec. But if Windows was restarted after the flawed
update, the user has a much harder row to hoe. Because the bad signature update
removed the two .dll files, Windows won't boot -- it ends in a Blue Screen of
Death, said CISRT -- and so there's no way to retrieve the new signature or to
restore from a backup.

"Customers impacted by this issue following reboot of an affected system can
return their system(s) to the previous state through use of the Windows recovery
console," Symantec said. XP's Recovery Console is a command-line tool that
gives limited access to the PC and its hard drive. Users on online forums
recommended copying the two .dll files from the Windows restore CD back to the
hard drive.

A likely snafu in that scenario, however, is that many Chinese users don't have
a restore CD because they're running pirated copies of Windows.
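As an added illustration, not taken from the Computerworld article, Symantec or CISRT, here is what the Recovery Console repair described above looks like in practice. It assumes the affected machine is booted from a Windows XP SP2 installation CD with the Recovery Console (the "R" option) selected, that Windows is installed in C:\WINDOWS and the CD-ROM is drive D:, and that the two libraries are stored on the CD in compressed form (netapi32.dl_ and lsasrv.dl_) under \i386, which is why expand rather than a plain copy is used. Commands are typed one at a time at the console prompt; the REM lines are annotation only and are not Recovery Console commands.

```batch
REM Boot from the Windows XP SP2 CD, press R for the Recovery Console,
REM pick the Windows installation and enter the Administrator password.
REM Assumed layout: Windows in C:\WINDOWS, installation CD on drive D:.

REM Confirm the two libraries are really gone before changing anything.
dir C:\WINDOWS\system32\netapi32.dll
dir C:\WINDOWS\system32\lsasrv.dll

REM Re-create them from the compressed copies in the CD's \i386 folder.
expand D:\i386\netapi32.dl_ C:\WINDOWS\system32\netapi32.dll
expand D:\i386\lsasrv.dl_ C:\WINDOWS\system32\lsasrv.dll

REM Verify both files are back, then leave the console and reboot.
dir C:\WINDOWS\system32\netapi32.dll
dir C:\WINDOWS\system32\lsasrv.dll
exit
```

Two caveats a practitioner would want. First, the copies on SP2 media predate the November 2006 Microsoft fix that Symantec says characterises the affected systems, so the repair leaves the machine running older versions of both libraries; once Windows boots, fetch the revised Symantec signatures first (so the older files are not flagged again) and then reinstall the Microsoft update. Second, if the product quarantined rather than destroyed the files, restoring them from the quarantine after the corrected signatures are in place brings back the patched versions directly and avoids the downgrade.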

"Norton this time has made a very serious mistake," the Chinese-language Sogou
news site said [translation by Babelfish -- eds.].

"All the main news channels in China have reported this since 6 in the morning ECT
+8, but Symantec keeps silent," someone identified as "Ink" said on the Wilders
Security Forum.

Other anti-virus companies have gone through similar fiascos. In March, users
blamed Microsoft Corp.'s Windows Live OneCare for deleting Outlook e-mail files,
although the company denied that the security service was at fault. More than
two years ago, Trend Micro Inc. distributed a flawed virus definition file that
slowed thousands of PCs to a crawl. Three months later, the anti-virus vendor
said that the incident had run up $8.2 million in direct costs to the company.
