Update error leads to conspiracy theories and exploitation of fears.
A faulty update issued to some users of
Symantec
‘s
Norton
product line yesterday has led to an explosion of rumour, uncertainty and attempts to exploit a lack of clear information.
The update, a file called ‘Pifts.exe’, was released without the required certifying signature, which caused firewall portions of
Norton
‘s suites to alert users to its unexpected and apparently unauthorised activities. Early requests for information posted to forums maintained by
Symantec
were quickly overtaken by junk spam entries exploiting the wide interest in the issue among worried
Norton
users, and the removal of the spam-soaked postings sparked a further deluge of conspiracy theories as some assumed a cover-up on the part of
Symantec
. By the time official information was made available, the situation was being widely exploited, with many search results for the suspect filename leading to genuine malicious code.
Symantec
‘s belated official response to the issue is
here
, with detailed coverage of events as they emerged blogged by the
Washington Post
‘s Brian Krebs
here
.
Posted on 12 March 2009 by
Virus Bulletin
Leave a Reply