Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Symantec provides hiding place for hackers

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Symantec provides hiding place for hackers
Date: Thu, 12 Jan 2006 03:25:59 -0600 (CST) 
http://news.com.com/Symantec+provides+hiding+place+for+hackers/2100-1002_3-6026203.html

By Joris Evers 
Staff Writer, CNET News.com
January 11, 2006

Symantec has released an update to its popular Norton SystemWorks to
fix a security problem that could be abused by cybercriminals to hide
malicious software.

In the PC-tuning application, a feature called the Norton Protected
Recycle Bin creates a hidden directory on Windows systems. The feature
is meant to help people restore modified or deleted files, but the
hidden folder might not be scanned during scheduled or manual virus
scans, Symantec said in an advisory released Tuesday.

"This could potentially provide a location for an attacker to hide a
malicious file on a computer," Symantec said. The Cupertino, Calif.,
security provider is not aware of any attempts by hackers to conceal
malicious code in the folder. "This update is provided proactively to
eliminate the possibility of that type of activity," it said.

Symantec's alert has echoes of Sony BMG Music Entertainment's recent
PC security fiasco. The record label was found to be shipping
copy-protected compact discs that planted so-called rootkit software
on the computers that played them. The rootkit technology also offered
a hiding place for malicious software.

When the recovery feature was first introduced, hiding the directory
helped ensure that a user would not accidentally delete the files in
it, Symantec said.

"In light of current techniques used by malicious attackers, Symantec
has re-evaluated the value of hiding this directory," the company said
in its advisory.

Security monitoring company Secunia rates the issue "not critical."  
Symantec itself deems the risk impact "low."

Symantec credits Mark Russinovich, the Sysinternals researcher who
also investigated the Sony rootkit, and F-Secure, a Finnish security
company that has a rootkit detection product, for helping it address
the SystemWorks issue.

The Norton update will display the previously hidden "NProtect"  
directory in the Windows interface, which will allow it to be scanned
by antivirus products, Symantec said. The new version is available
through the Symantec LiveUpdate service. Installing the software will
require a system reboot.

-=-

Copyright ©1995-2006 CNET Networks, Inc. All rights reserved.



_________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Symantec provides hiding place for hackers, InfoSec News <=
Previous by Date:  [ISN] IG critical of DOD IT, InfoSec News
Next by Date:  [ISN] Five mistakes of vulnerability management, InfoSec News
Previous by Thread:  [ISN] IG critical of DOD IT, InfoSec News
Next by Thread:  [ISN] Five mistakes of vulnerability management, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]