Symantec Users, Start Your Keyloggers
An anonymous reader writes "Script kiddies have been taking advantage of intrusion prevention features of Symantec's Norton Firewall and Norton Internet Security Suites to knock users offline in IRC channels, according to an amusing post at Washingtonpost.com. From the article: 'Turns out that if someone types "startkeylogger" or "stopkeylogger" in an IRC channel, anyone on the channel using the affected Norton products will be immediately kicked off without warning. These are commands typically issued by the Spybot worm, which spreads over IRC and peer-to-peer file-swapping networks, installing a program that records and transmits everything the victim types (known as a keylogger).' Makes you wonder what other magic keywords produce unexpected results with Symantec's software."
Um. (Score:3, Interesting)
This is why 2600 is awesome (Score:2, Interesting)
Did we forget... (Score:2, Interesting)
Why not just remove the text from incoming packets, leaving the rest intact?
If the purpose of your software is to keep malware off the computer, why the **** do you need this feature in the first place?
Programming may be tough to learn, but common sense appears to be impossible.
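The suggestion in the comment above (remove the text from incoming packets, leaving the rest intact), next to the drop-on-match behaviour the story describes, as an added example that is not part of the thread and not Symantec's code. The IRC parsing is simplified, the function names are hypothetical, and the sample lines are constructed.

```python
import re

# Trigger strings named in the story summary.
TRIGGERS = ("startkeylogger", "stopkeylogger")
_TRIGGER_RE = re.compile("|".join(map(re.escape, TRIGGERS)), re.IGNORECASE)


def naive_policy(line: str) -> str:
    """Behaviour described in the story: any match tears down the connection."""
    return "DROP_CONNECTION" if _TRIGGER_RE.search(line) else "PASS"


def parse_irc(line: str):
    """Split one IRC line into (prefix, command, middle params, trailing text)."""
    rest = line.rstrip("\r\n")
    prefix = None
    if rest.startswith(":"):
        prefix, _, rest = rest[1:].partition(" ")
    head, sep, trailing = rest.partition(" :")
    parts = head.split()
    command = parts[0].upper() if parts else ""
    return prefix, command, parts[1:], (trailing if sep else None)


def sanitize_policy(line: str):
    """Redact triggers in message text only and keep the session alive.

    Returns (line_to_deliver, alert_flag); the alert can drive a host-side scan.
    """
    prefix, command, params, trailing = parse_irc(line)
    if command not in ("PRIVMSG", "NOTICE") or trailing is None:
        return line, False
    cleaned, hits = _TRIGGER_RE.subn(lambda m: "*" * len(m.group()), trailing)
    if hits == 0:
        return line, False
    out = " ".join(([":" + prefix] if prefix else []) + [command] + params)
    return f"{out} :{cleaned}\r\n", True


# Constructed sample traffic (not captured from a real network).
SAMPLE = [
    ":alice!a@example.net PRIVMSG #chat :anyone read the startkeylogger story?\r\n",
    ":bob!b@example.net PRIVMSG #chat :hello everyone\r\n",
    "PING :irc.example.net\r\n",
]

if __name__ == "__main__":
    for raw in SAMPLE:
        print(naive_policy(raw), sanitize_policy(raw))
```

With the first sample line the naive policy disconnects the user for discussing the story, while the sanitizing policy delivers the message with the keyword masked and raises an alert instead.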
Channel name (Score:3, Interesting)
Re:MMORPG affected? (Score:2, Interesting)
I can't decide what's more interesting... (Score:3, Interesting)
I mean, if Norton is aware of a keylogger worm on IRC, wouldn't it make more sense to have Norton Internet Security kill the keylogger process or block the data the keylogger tries to send out? It is a firewall after all. Or, for Norton Antivirus to identify the keylogger and remove it as part of removing the worm. Would it not be part of the worm, and therefore something Norton is supposed to be removing, as part of the program's specified function?
If stopping access to a service is how one should protect themselves from threats on it, maybe Norton should just block all TCP/IP traffic to prevent viruses, worms, and identity theft.
Good thing the keylogger trigger wasn't "hello everyone".