Norton Antivirus: Now With ‘Horrific Irony’ Feature

February 10, 2005

A vulnerability has been discovered in Symantec’s virus scanning software that causes the software to run viruses instead of eliminating them.

The problem exists in how the scanning code handles a compression format known as the Ultimate Packer for Executables (UPX). An attacker could create a virus designed to exploit the UPX flaw and send it to victims through e-mail or host it on a Web site. An unpatched Symantec scanner checking incoming e-mail or the Web pages that users browse would run the program instead of catching the virus.

In other words, don’t bother telling people not to open the attachment with the virus, because the virus scanner already opened it up and ran it on the way in to the computer, conveniently saving them the step.

Does it get better? Yes. Yes it does.

“The impact of this vulnerability is exaggerated by the fact that many e-mail and other traffic routing gateways make use of file-scanning utilities that make use of the vulnerable library,” Symantec said in an advisory. “This could allow an attacker to potentially exploit high-profile systems used to filter malicious data, and potentially allow further compromise of targeted internal networks.”

The folks that write the Windows Installer programs should really hire some virus writers. Applications are often a pain to install on Windows, and yet you can get the latest viruses installed just by visiting a web page, looking at an image, etc.

Via Slashdot.



  1. ‘Horrific Irony’. Nice Headline. Very nice. I’m actually surprised that something like this has not been done already. Virus scanners obviously filter thru all sorts of data – both good and bad. Someone figuring out how to trick them into running something should not be that shocking.

    On a side note, I do a lot of tech support for work, and a significant amount of the time there is nothing wrong with our hardware but Norton Internet Security locking the customer’s system down cold. Remove that, and everything comes back up. I’ve even seen it where you ‘fix’ the security settings and open the Internet back up, and 15 minutes later NIS reverts back to a locked-down state.
