Symantec Claims They Knew About Slammer In Advance

truthsearch writes "Wired is reporting 'Symantec claims to have identified the Slammer worm that ravaged the Internet during the last weekend of January hours before anyone else did. Symantec then shared the information only with select customers, leaving the rest of the global community to get slapped around by Slammer.' I'm not bothered I didn't know Slammer was coming, but Symantec has a moral responsibility to inform the public if it thinks millions will be affected." It isn't clear to me how Symantec could know, hours in advance, about a worm which took ten minutes to spread throughout the entire Internet, unless they had something to do with its release. Update: 02/14 16:54 GMT by M : Wired has their math wrong; Symantec apparently had at most 20-30 minutes of early warning. Symantec claims in this press release that they discovered the worm "hours before it began rapidly propagating".

How does this announcement gain Symantec?

[Max+Romantschuk]

OK, I don't get it... How does Symantec going "We knew all about it but we didn't tell you" make Symantec look good in any way? I know I get annoyed when people behave like that... So anyone have a thought on exactly how this benefits Symantec?

Re:Hmm..

[Pxtl]

I've always noticed that too. The fact that there's never any large-scale loss really does encourage the idea that its not your garden-variety blackhat. When I was a kid, your computer contracting a virus meant that you could kiss all your files goodbye. These days, it means your connection will be lagged and maybe some e-mail sent. All ILOVEYOU even did was delete some jpgs and mp3s. I'm surprised that none of these worms don't wait for an hour or two(for the computer to finish spreading) then wipe the machine or something - or maybe begin spewing the contents of the SQL database onto the 'net (heaven forbid credit card #'s be in there).

I always say when something like this happens - at least the attacker wasn't going for raw damage.

Symantec lies

[helix400]

Symantec has a bad history of not telling current customers about their viruses. When they discover a virus, they first take a few days to figure out a fix, and when they find a fix...THEN they announce it as "Discovered". Sure makes them look good when they claim to discover and fix most viruses the same day

I saw this first hand. When Opaserv variants were coming out almost weekly last fall, Symantec was very slow to acknowledge their existance. A few people I know sent them executables of a new variant on October 19. Finally, on October 23, they announced they "Discovered" it...4 DAYS AFTER WE SENT IT TO THEM! Those Symantec liars didn't even tell us that they discovered it, but they're working on a fix. No, they sat on the virus for 4 days! (Want proof? Check out Symantec's Oct 23 discover day for brasil.pif, here, and compare that with the Oct 19 date that many of us first noticed that virus on this discussion sire here.) And of course, following true to Symantec policy, they claimed to have released a fix either the day of discovery or the the next day...to show they're working hard for their customers.

Stupid liars.

Re:Symantec lies

[CrazyDuke]

I experienced this on what should have been routine for them by now, yet another sub7 varient. I didn't know it was sub7 at the time other than it did basically what the sub7's before it did. I tried it on a dummy box, and it waltzed past Norton Antivirus. I verified the infection when my firewall started complaining about illegal requests from the trojan phoning home. I submitted the executable as packaged, discribed its infection stratagy, removal guide, and packaged it all in a nice little email explaining that I had the latest and greatest patches and list for their current corporate version antivirus. This took me about 3 hours total, from research, infection, tracing, removal, verifying removal, formating a report, and submiting it.

About a month an a half later, I get a terse email from Symantic, stating that they already knew about sub7 and that they had had the definitions for a month now. They recommended that I should keep my antivirus updated more often. This was conveyed in a nice little way that sounded like I was some AOL newbie that couldn't tell the left from the right mouse button. Needless to say, I am no fan of Symantic now.

Re:Bag of Hammers (was "Big Surprise")

[Feral+Bueller]

I had the opportunity to interview with Symantec about 5 years ago, for the Norton Anti-Virus unit.

It's safe to say by your post that you haven't.

To post the assertion that these guys have anything to the propagation and dissemination of viruii is retarded - not only do they have to contend with regular build issues, feature requests, etc. - but they also have to keep up with the dozens of virii released into the wild on a weekly basis. The heuristics involved in developing the software necessary to *fix* an already infected (sometimes by multiple virii) is pretty impressive. There's no *good* reason why any of these engineers would intentionally create more work for themselves -- they don't need any.

Additionally, they aren't the only game in town as far as anti-virus software. They would be out of the fame in a New York minute if they were ever found to be involved in disseminating virii, intentionally or not.

Please turn off your computer and go back to your "X-Files" reruns.

P.S. - The coolest thing about the interview was when one of the Senior Engineers showed me the Quarantine Room, where they research different virii and repairing the damage.