Symantec flaw said to increase vulnerability to hackers

UPDATE: Symantec issues fix

Symantec security came under scrutiny this week after researchers exposed a flaw in the antivirus software’s latest versions. Experts say the security flaw makes the software susceptible to a debilitating worm attack that could put users at the mercy of remote hackers.

Researchers at eEye Digital Security issued an advisory on Thursday, May 25, after locating the flaw, which they say hackers could capitalize on to access victim machines. The flaw, if exploited, could enable someone to remove, edit or destroy files.

According to eEye spokesperson Mike Puterbaugh, remote hackers could take complete control of a machine through a command shell, without the user ever opening or clicking on anything. The company rates the threat as “high severity.”

An eEye advisory warns: “This flaw does not require any end user interaction for exploitation and can compromise affected systems, allowing for the execution of malicious code with system-level access.”

Experts at eEye say the vulnerability affects versions 10 and greater of the Symantec antivirus software, including its corporate editions. They also say it affects Symantec Client Security versions 3.0 and greater.

But officials at Symantec say it’s too soon to disclose details. The company has begun investigating the matter but has yet to confirm such a flaw. Meanwhile, a spokesperson at eEye says intrusion protection software known as “Blink” could prevent such attacks when used in conjunction with Symantec products.

While the threat of a network attack is plausible, says Puterbaugh, he does not have evidence that would suggest a large-scale attack is on the horizon.

Industry experts say flaws found in antivirus software are becoming commonplace. Within the last two years, some of the most trusted names in the antivirus biz have issued necessary updates to counter code execution problems. And it’s a trend expected to rise.

In March 2004, the Witty worm exploited a zero-day buffer overflow in security products sold by Internet Security Systems. The speedy worm was capable of infecting hard drives, preventing routine operation of PCs and eventually causing them to crash. Those in the know suggest the industry could soon face a bigger beast: a vicious network worm that uses security software flaws as the attack vector.

A Symantec spokesperson acknowledged eEye’s claim and promised the company will respond with a prompt solution, should the claim prove true. Experts at eEye say the development of a patch could take 1 to 2 months.

The software was designed by the Cupertino, Calif.-based company to protect against spyware, adware, viruses and other malicious intrusions. With more than 200 million users, Symantec serves as a safeguard for U.S. government agencies and some of the world’s largest corporations.