funsec mailing list archives
RE: Massive cyber attack on China; millions of computers affected
From: "Alex Eckelberry" <AlexE () sunbelt-software com>
Date: Thu, 24 May 2007 12:19:22 -0400
I admit to not being entirely clear on this -- my understanding was that perhaps only 7,000 machines were affected and it was resolved within a half day through a def update. Anyone know the real story? ________________________________ From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of rms () computerbytesman com Sent: Thursday, May 24, 2007 11:45 AM To: 'FunSec [List]' Subject: [funsec] Massive cyber attack on China;millions of computers affected http://news.com.com/Flawed+Symantec+update+cripples+Chinese+PCs/2100-100 2_3-6186271.html?tag=nefd.top Flawed Symantec update cripples Chinese PCs A Symantec antivirus signature update mistakenly quarantined two critical system files in the Simplified Chinese version of Windows XP last week, crippling PCs throughout China. According to the Chinese Internet Security Response Team <http://www.cisrt.org/enblog/> (CISRT), users of Norton Antivirus, Norton Internet Security 2007 and Norton 360 <http://news.com.com/Symantec+unleashes+Norton+360/2100-7355_3-6162139.h tml> who installed an antivirus signature update released by Symantec on May 17 could not reboot their PCs. The update reportedly mistook two Windows system files--"netapi32.dll" and "lsasrv.dll"--as the Backdoor.Haxdoo Trojan horse. The two files were subsequently quarantined. CISRT said the flawed Symantec update only affects users of the Simplified Chinese version of Windows XP Service Pack 2 that have been patched with a particular Microsoft software fix available since November 2006. CISRT noted that this issue has been "huge." According to CCTV.com, which is part of China's largest national TV network, the problem has affected millions of PCs and was not completely resolved <http://www.cctv.com/program/bizchina/20070524/103599.shtml> as of Wednesday. ... ....
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Massive cyber attack on China; millions of computers affected rms (May 24)
- Re: Massive cyber attack on China; millions of computers affected Valdis . Kletnieks (May 24)
- Re: Massive cyber "attack" on China; millions of computers affected rms (May 24)
- Re: Massive cyber "attack" on China; millions of computers affected Valdis . Kletnieks (May 24)
- Re: Massive cyber "attack" on China; millions of computers affected rms (May 24)
- RE: Massive cyber attack on China; millions of computers affected Alex Eckelberry (May 24)
- Re: Massive cyber attack on China; millions of computers affected Valdis . Kletnieks (May 24)