By Pia Heikkila, 12 October 2001 12:50
NEWS A German hacker group called Phenoelit has exposed a security hole in Symantec's anti-virus software. Phenoelit warned Symantec's LiveUpdate 1.4 is open for an attack after it discovered a vulnerability in its anti-virus software which allows attackers to run malware on the damaged the system. LiveUpdate 1.4 is an AV software features in most Symantec's products as it performs the automatic downloads from the Symantec update servers. The hacker group published the following warning on its website: "Version 1.4 of LiveUpdate can be used for rapid deployment of hostile code such as backdoors, trojan applications, viruses and worms - if unknown to the anti-virus pattern file and for remote penetration of systems running LiveUpdate via redirection of the initial connection to a server controlled by the attacker." Symantec also issued a warning on its site claiming the vulnerability is not specific to Symantec's products: "They have been widely known to be an internet infrastructure problem, not a Symantec product problem, for some time and have been utilised in many well-publicised DNS spoofing, redirection, cache poisoning attacks."
In order to post a comment you need to be registered and logged in.
Log in or create your silicon.com account below