Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×

Symantec Users, Start Your Keyloggers 313

Posted by CowboyNeal from the unfurling-the-welcome-mat dept.
An anonymous reader writes "Script kiddies have been taking advantage of intrusion prevention features of Symantec's Norton Firewall and Norton Internet Security Suites to knock users offline in IRC channels, according to an amusing post at Washingtonpost.com. From the article: 'Turns out that if someone types "startkeylogger" or "stopkeylogger" in an IRC channel, anyone on the channel using the affected Norton products will be immediately kicked off without warning. These are commands typically issued by the Spybot worm, which spreads over IRC and peer-to-peer file-swapping networks, installing a program that records and transmits everything the victim types (known as a keylogger).' Makes you wonder what other magic keywords produce unexpected results with Symantec's software."
This discussion has been archived. No new comments can be posted.

Symantec Users, Start Your Keyloggers More

Symantec Users, Start Your Keyloggers

Comments Filter:

  • Um. (Score:3, Interesting)

    by daeg ( 828071 ) on Thursday March 02, 2006 @09:11PM (#14839601)
    I hate Norton products. They are incredibly bloated, offer no technical documentation, and literally take over a system once installed. Have you ever tried to uninstall a Norton product? They are as bad as the viruses, worms, and trojans they claim to protect against.

  • This is why 2600 is awesome (Score:2, Interesting)

    by ejd003 ( 882960 ) on Thursday March 02, 2006 @09:37PM (#14839747) Journal
    Try to join #2600 on irc.2600.net before reading this article. Shit, probably too late.

  • Did we forget... (Score:2, Interesting)

    by Wrathernaut ( 939667 ) on Thursday March 02, 2006 @10:43PM (#14840081)
    A couple of things of note I haven't seen addressed:

    Why not just remove the text from incoming packets, leaving the rest intact?
    If the purpose of your software is to keep malware off the computer, why the **** do you need this feature in the first place?

    Programming may be tough to learn, but common sense appears to be impossible.

  • Channel name (Score:3, Interesting)

    by phorm ( 591458 ) on Thursday March 02, 2006 @11:00PM (#14840173) Journal
    How about if you put one of the keywords in the channel name, how would affected machines behave on getting a listing or joining the channel?

  • Re:MMORPG affected? (Score:2, Interesting)

    by xlordtyrantx ( 958605 ) on Friday March 03, 2006 @12:06AM (#14840445)
    So what if you were to create a program that mimicks traffic as though it were an IRC program? if you were to run that command through the port, what do you think will happen? I dont have symantec, so i cant test it

  • I can't decide what's more interesting... (Score:3, Interesting)

    by SeaFox ( 739806 ) on Friday March 03, 2006 @02:26AM (#14840965)
    This side effect of Norton's attempt to protect the user, or that Symantec thinks this is the best way to protect the user.

    I mean, if Norton is aware of a keylogger worm on IRC, wouldn't it make more sense to have Norton Internet Security kill the keylogger process or block the data the keylogger tries to send out? It is a firewall after all. Or, for Norton Antivirus to identify the keylogger and remove it as part of removing the worm. Would it not be part of the worm, and therefore something Norton is supposed to be removing, as part of the program's specified function?

    If stopping access to a service is how one should protect themselves from threats on it, maybe Norton should just block all TCP/IP traffic to prevent viruses, worms, and identity theft.

    Good thing the keylogger trigger wasn't "hello everyone".

Slashdot Top Deals

Genetics explains why you look like your father, and if you don't, why you should.

Close