Monday, May 21, 2007

Chinese PCs Hit by Bad Symantec Signature

Via ComputerWorld -

A signature update to Symantec Corp.'s antivirus software crippled thousands of Chinese PCs Friday when the security software mistook two critical Windows .dll files for malware.

According to numerous blog entries from Chinese computer users, a virus-signature database seeded yesterday mistook two system files of a Chinese edition of Windows XP Service Pack 2 as a Trojan horse that Symantec dubbed "Backdoor.Haxdoor." The antivirus software -- Norton AntiVirus, for example, or the antivirus component of the Norton 360 or Norton Internet Security suites -- then quarantined the netapi32.dll and lsasrv.dll files.

"With these files removed, Windows XP will no longer start up, and even the system Safe Mode no longer functions," said one user writing to the Alt.comp.anti-virus newsgroup this morning.

Late Friday, China time, the Chinese Internet Security Response Team (CISRT) posted an alert on its English-language blog. "It's a terrible day for lots of Chinese users (especially Enterprise Users) who use Norton products today," CISRT said. Other reports claimed that more than 7,000 users had already contacted Rising Antivirus International Pty, asked for help on how they could recover their PCs. On the Chinese security company's home page, its threat gauge was rated at red late Friday, the highest ranking this year.

In an e-mailed statement, Symantec acknowledged the signature update bug and said it re-released a new update late Thursday, U.S. time.

No comments:

Post a Comment