Advertisement
Promo

Security threats Toolkit

Symantec flaw can hide hacker activity

Joris Evers CNET News

Published: 12 Jan 2006 11:15 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Symantec has released an update to its popular Norton SystemWorks to fix a security problem that could be abused by cybercriminals to hide malicious software.

In the PC-tuning application, a feature called the Norton Protected Recycle Bin creates a hidden directory on Windows systems. The feature is meant to help people restore modified or deleted files, but the hidden folder might not be scanned during scheduled or manual virus scans, Symantec said in an advisory released on Tuesday

"This could potentially provide a location for an attacker to hide a malicious file on a computer," Symantec said. The security provider is not aware of any attempts by hackers to conceal malicious code in the folder. "This update is provided proactively to eliminate the possibility of that type of activity," it said.

Symantec's alert has echoes of Sony's recent security fiasco. The record label was found to be shipping copy protected discs that planted rootkit software on the computers that played them. The rootkit technology also offered a hiding place for malicious software.

When the recovery feature was first introduced, hiding the directory helped ensure that a user would not accidentally delete the files in it, Symantec said. "In light of current techniques used by malicious attackers, Symantec has re-evaluated the value of hiding this directory," the company said in its advisory.

Security monitoring company Secunia rates the issue "not critical". Symantec itself deems the risk impact "low."

Symantec credits Mark Russinovich, the Sysinternals researcher who also investigated the Sony rootkit, and F-Secure, a Finnish security company that has a rootkit detection product, for helping it address the SystemWorks issue.

The Norton update will display the previously hidden "NProtect" directory in the Windows interface, which will allow it to be scanned by antivirus products, Symantec said. The new version is available through the Symantec LiveUpdate service. Installing the software will require a system reboot.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
108 out of 180 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:






Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

DNA details of innocent will be kept f...

The government has announced that it plans to keep innocent people's DNA details for up to six years. In response to a consultation it launched last December, the government said... More

5 comments

Motorola Droid Drops Today: Happy Droi...

Motorola Droid Drops Today: Happy Droid Day America! Author: Eric Everson, Mobile Security Expert If you’re wondering what all of the buzz is about with words like Droid and Android... More

Post a comment

Mobile Security Profile: BlackBerry St...

Mobile Security Profile: BlackBerry Storm2 Author: Eric Everson BlackBerry handsets are a staple of office culture; from syncing calendars to sharing business-related data,... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters