Posted by Virus Bulletin on Mar 12, 2009
Update error leads to conspiracy theories and exploitation of fears.
A faulty update issued to some users of Symantec's Norton product line yesterday has led to an explosion of rumour, uncertainty and attempts to exploit a lack of clear information.
The update, a file called 'Pifts.exe', was released without the required certifying signature, which caused firewall portions of Norton's suites to alert users to its unexpected and apparently unauthorised activities. Early requests for information posted to forums maintained by Symantec were quickly overtaken by junk spam entries exploiting the wide interest in the issue among worried Norton users, and the removal of the spam-soaked postings sparked a further deluge of conspiracy theories as some assumed a cover-up on the part of Symantec. By the time official information was made available, the situation was being widely exploited, with many search results for the suspect filename leading to genuine malicious code.
Symantec's belated official response to the issue is here, with detailed coverage of events as they emerged blogged by the Washington Post's Brian Krebs here.
Posted on 12 March 2009 by Virus Bulletin
