A vulnerability has been discovered in Symantec’s virus scanning software that causes the software to run viruses instead of eliminating them.
The problem exists in how the scanning code handles a compression format known as the Ultimate Packer for Executables (UPX). An attacker could create a virus designed to exploit the UPX flaw and send it to victims through e-mail or host it on a Web site. An unpatched Symantec scanner checking incoming e-mail or the Web pages that users browse would run the program instead of catching the virus.
In other words, don’t bother telling people not to open the attachment with the virus, because the virus scanner already opened it up and ran it on the way into the computer, conveniently saving them the step.
Does it get better? Yes. Yes it does.
“The impact of this vulnerability is exaggerated by the fact that many e-mail and other traffic routing gateways make use of file-scanning utilities that make use of the vulnerable library,” Symantec said in an advisory. “This could allow an attacker to potentially exploit high-profile systems used to filter malicious data, and potentially allow further compromise of targeted internal networks.”
The folks that write the Windows Installer programs should really hire some virus writers. Applications are often a pain to install on Windows, and yet you can get the latest viruses installed just by visiting a web page, looking at an image, etc.