December 2nd, 2001, 07:50 AM
According to a German Hacking Group Phenoelit, the tool used to update the virus defination in Symantec's antivirus products has a security hole that allows hostile code to be downloaded to PC's.
The software LiveUpdate, which updates virus protections, has flaws in both 1.4 and 1.6 versions. The connection can be hijacked using a number of DNS attack and re-route to the server of the attacker's choice. The hacking group further explained that the code can be downloaded to the user's machine and executed, if an attacker recreates the proper directory structure on the server the connection is sent to.
The gropu notified Symantec more than a month ago, but the companydid not immeditaely reply. Phenoelit has urged Symantes to use new Cryptographic signing methods and inform its customers about the flaw.
December 2nd, 2001, 11:39 AM