funsec mailing list archives

RE: Massive cyber attack on China; millions of computers affected

From: "Alex Eckelberry" <AlexE () sunbelt-software com>
Date: Thu, 24 May 2007 12:19:22 -0400

I admit to not being entirely clear on this -- my understanding was that
perhaps only 7,000 machines were affected and it was resolved within a
half day through a def update.  Anyone know the real story?  

________________________________

From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of rms () computerbytesman com
Sent: Thursday, May 24, 2007 11:45 AM
To: 'FunSec [List]'
Subject: [funsec] Massive cyber attack on China;millions of computers
affected

http://news.com.com/Flawed+Symantec+update+cripples+Chinese+PCs/2100-100
2_3-6186271.html?tag=nefd.top

Flawed Symantec update cripples Chinese PCs

A Symantec antivirus signature update mistakenly quarantined two
critical system files in the Simplified Chinese version of Windows XP
last week, crippling PCs throughout China. 

According to the Chinese Internet Security Response Team
<http://www.cisrt.org/enblog/>  (CISRT), users of Norton Antivirus,
Norton Internet Security 2007 and Norton 360
<http://news.com.com/Symantec+unleashes+Norton+360/2100-7355_3-6162139.h
tml>  who installed an antivirus signature update released by Symantec
on May 17 could not reboot their PCs. The update reportedly mistook two
Windows system files--"netapi32.dll" and "lsasrv.dll"--as the
Backdoor.Haxdoo Trojan horse. The two files were subsequently
quarantined. 

CISRT said the flawed Symantec update only affects users of the
Simplified Chinese version of Windows XP Service Pack 2 that have been
patched with a particular Microsoft software fix available since
November 2006. CISRT noted that this issue has been "huge." 

According to CCTV.com, which is part of China's largest national TV
network, the problem has affected millions of PCs and was not completely
resolved <http://www.cctv.com/program/bizchina/20070524/103599.shtml>
as of Wednesday. 

...

....

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Massive cyber attack on China; millions of computers affected rms (May 24)
- Re: Massive cyber attack on China; millions of computers affected Valdis . Kletnieks (May 24)
  - Re: Massive cyber "attack" on China; millions of computers affected rms (May 24)
    - Re: Massive cyber "attack" on China; millions of computers affected Valdis . Kletnieks (May 24)
- RE: Massive cyber attack on China; millions of computers affected Alex Eckelberry (May 24)