Norton AntiVirus flaw ready for exploitation?

Norton AntiVirus flaw ready for exploitation?

Summary: Exploit codes that take advantage of a security vulnerability in Symantec's Norton AntiVirus software have been published, which could leave users vulnerable to an attack. Security researcher Dan Milisic discovered a problem in the way Norton AntiVirus handles certain types of scripts and posted an alert that was published by European security Web site Secunia in October.

SHARE:
Exploit codes that take advantage of a security vulnerability in Symantec's Norton AntiVirus software have been published, which could leave users vulnerable to an attack.

Security researcher Dan Milisic discovered a problem in the way Norton AntiVirus handles certain types of scripts and posted an alert that was published by European security Web site Secunia in October.

According to Milisic, Symantec had already known about the vulnerability for a number of months before the alert was posted but the company denied that its script blocking utility was flawed.

In a statement to ZDNet Australia on October 26, a Symantec spokesperson said: "ScriptBlocking is intended to provide proactive detection against script-based worms and this component of Norton AntiVirus has been effective at doing this since its introduction in 2001. Symantec provides computer users with complete protection against script-based worms and other security threats and will continue to deliver appropriate technologies to do so, including antivirus, firewalls, intrusion detection and content filtering."

Unsatisfied with Symantec's response, Milisic decided to prove his point by developing some code capable of exploiting the flaws.

On Thursday, Milisic contacted ZDNet Australia  with an explanation of his findings and a copy of his codes.

According to Milisic, the code proves that the most recent version of Norton AntiVirus will not intervene when a certain type of virus-based script is executed.

"This is a 'typical' script-based virus that Norton AntiVirus will allow a user to run without any intervention. It is likely that code similar to this is already appended to script-based threats and worms.

Milisic said he tested the exploit codes using Norton AntiVirus 2005, which had been updated with the latest signatures, running on Windows XP.

Symantec was not available for comment.

Neil Campbell, the national security manager of IT services company Dimension Data, told ZDNet Australia  that although he would not comment on this specific issue, the 'bigger picture' is that companies should rely on numerous layers of protection - just in case an undiscovered vulnerability exists.

"Any defence that relies totally on a single layer of protection or control is doomed to failure. Even looking within the layer of antivirus software many organisations choose different vendors for gateway and desktop protection in anticipation of exactly this kind of situation," said Campbell.

Topics: Symantec, Malware, Security, Software Development

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • Dear Norton people,

    I do not know another way to contact you but badly need your advice. After years of getting anti virus updates easily in the past four weeks I just cannot get them to download even though am connected to the internet. Can you help please? my e-mail is inall@iinet.net.au

    Thank you. Neil Inall
    anonymous
  • Norton's rip off

    I purchased a full Norton's antivirus ( the whole package ) - when I asked for asistance - they wanted to charge $99 - to remove a virus - that did not have - by the time I stopped the conversation - my computer was totally disabled - did they send me a virus rather?? - any inputs
    anonymous