Norton AntiVirus flaw ready for exploitation?

Exploit codes that take advantage of a security vulnerability in Symantec's Norton AntiVirus software have been published, which could leave users vulnerable to an attack. Security researcher Dan Milisic discovered a problem in the way Norton AntiVirus handles certain types of scripts and posted an alert that was published by European security Web site Secunia in October.

According to Milisic, Symantec had already known about the vulnerability for a number of months before the alert was posted but the company denied that its script blocking utility was flawed.

In a statement to ZDNet Australia on October 26, a Symantec spokesperson said: "ScriptBlocking is intended to provide proactive detection against script-based worms and this component of Norton AntiVirus has been effective at doing this since its introduction in 2001. Symantec provides computer users with complete protection against script-based worms and other security threats and will continue to deliver appropriate technologies to do so, including antivirus, firewalls, intrusion detection and content filtering."

Unsatisfied with Symantec's response, Milisic decided to prove his point by developing some code capable of exploiting the flaws.

On Thursday, Milisic contacted ZDNet Australia with an explanation of his findings and a copy of his codes.

According to Milisic, the code proves that the most recent version of Norton AntiVirus will not intervene when a certain type of virus-based script is executed.

"This is a 'typical' script-based virus that Norton AntiVirus will allow a user to run without any intervention. It is likely that code similar to this is already appended to script-based threats and worms."

Milisic said he tested the exploit codes using Norton AntiVirus 2005, which had been updated with the latest signatures, running on Windows XP.

Symantec was not available for comment.

Neil Campbell, the national security manager of IT services company Dimension Data, told ZDNet Australia that although he would not comment on this specific issue, the 'bigger picture' is that companies should rely on numerous layers of protection - just in case an undiscovered vulnerability exists.

"Any defence that relies totally on a single layer of protection or control is doomed to failure. Even looking within the layer of antivirus software, many organisations choose different vendors for gateway and desktop protection in anticipation of exactly this kind of situation," said Campbell.
