Slashdot Mirror

← Back to Stories (view on slashdot.org)

Symantec Users, Start Your Keyloggers

Posted by ryuzaki0 on from the unfurling-the-welcome-mat dept.

An anonymous reader writes "Script kiddies have been taking advantage of intrusion prevention features of Symantec's Norton Firewall and Norton Internet Security Suites to knock users offline in IRC channels, according to an amusing post at Washingtonpost.com. From the article: 'Turns out that if someone types "startkeylogger" or "stopkeylogger" in an IRC channel, anyone on the channel using the affected Norton products will be immediately kicked off without warning. These are commands typically issued by the Spybot worm, which spreads over IRC and peer-to-peer file-swapping networks, installing a program that records and transmits everything the victim types (known as a keylogger).' Makes you wonder what other magic keywords produce unexpected results with Symantec's software."

20 of 313 comments (clear)

  1. +++ATH by petard · · Score: 4, Funny

    People just don't learn very well from past mistakes...

    --
    .sig: file not found
    1. Re:+++ATH by operagost · · Score: 2, Funny

      You bastNO CARRIER

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
  2. Yep, it works... by xx_toran_xx · · Score: 5, Funny

    startkeylogger -- phonex has quit (Read error: Connection reset by peer) -- TomA has quit (Read error: Connection reset by peer) -- something3280 has quit (Read error: Connection reset by peer

    --
    Arrrrrrr
  3. MMORPG affected? by kindbud · · Score: 4, Funny

    If I am dueling with a leet player on WoW, will this work to kick him off the game? Would I be able to gank him before the server times him out?

    --
    Edith Keeler Must Die
  4. So bad? by mugnyte · · Score: 3, Funny


      While yes a bug, most of my experience on IRC would point towards a benefit if anyone could boot anyone else. The benefit is to those booted, to be clear.

  5. Doesn't affect me by GAATTC · · Score: 5, Funny

    I have Symantec's Norton Firewall and when I type startkeylogge

  6. But they just did... by TCQuad · · Score: 3, Funny

    Now, if we could only get the skript kiddies to put their minds to something productive...

    Since IRC is mostly a time-killer, wouldn't something that knocks people off of it be considered productive?

  7. Re:Impressive by tsm_sf · · Score: 2, Funny

    OTOH if you want to quickly get ahold of a random asshole, and you don't live in NYC, it's really the only solution.

    --
    Literalism isn't a form of humor, it's you being irritating.
  8. Thanks alot! by Spiffness · · Score: 2, Funny

    Stupid slashdot! Great, now its public. I've had so much fun the last 2 weeks joining channels like 'teenlink69' and 'cyberz' on big networks and using the command.

    Its good times watching 10-15 people drop at a time in the huge channels.

    But now the fun will quickly disapear, thanks to slashdot. DOH!

  9. Re:Does it work with other programs? by Anonymous Coward · · Score: 3, Funny

    I have the Symantec suite installed, and when I type "startkeylogger

  10. Hehe by kernelpanicked · · Score: 2, Funny

    I never thought I would intentionally go into a room full of Windows users on IRC, but I'm soooo all over this

    --
    Ubuntu: If at first you don't succeed, blindly slap a sudo in front of it
  11. IRC just got so much better by kernelpanicked · · Score: 2, Funny

    (kernelpanicked) startkeylogger

    [quux(n=bryan@pdpc/supporter/sustaining/quuxo)] please don't do it again

    (kernelpanicked) no problem, startkeylogger

    *tear* It's like christmas for UNIX geeks has come early

    --
    Ubuntu: If at first you don't succeed, blindly slap a sudo in front of it
  12. And now, ladies and gentlemen... by Spy+der+Mann · · Score: 5, Funny

    Type "start" and "key" and "logger" together and something funny happens!
    <n00b>startkeylogger
    * n00b has Quit IRC (G-Lined - Banned from AustNet: This address has been used for deliberately try to disconnect others)
    <user1>ROFLMAO!
    <user2>Dude, stop doing that
    <user1>Don't worry, he won't do it again
    <user2>LOL!

  13. Reminds me of another IRC trick to have fun with.. by trevorgensch · · Score: 2, Funny

    When I was bored on IRC sometimes I used to visit a random, well populated channel I would simply type

    "Press ALT-F4 now to gain instant access to my ratio free, unlimited download porn fserve"

    And then sit back and watch the amount of nicks reduce by less than half.

  14. Bitcom too by Reziac · · Score: 4, Funny

    Remember the old Bitcom for DOS? if you were reading messages on a BBS, and if in one of those messages you encountered the phrase "NO CARRIER", Bitcom would helpfully hang up the modem!

    --
    ~REZ~ #43301. Who'd fake being me anyway?
  15. Re:One thing for sure. by mboverload · · Score: 4, Funny

    With all due respect to people who use Norton,

    Only script kiddies use Norton. Seriously.

  16. Re:protection? yeah, right by ravenlock · · Score: 2, Funny

    ...like a web browser, or a media player?

  17. Yes, I've had something similar before by Moraelin · · Score: 2, Funny

    Yep, I've been hit before by the exact same scenario you describe, although probably with a different string.

    So I'm playing WoW happily and suddenly I'm completely lagged (you know, those time-bubbles where you can run around, but not cast spells or receive any update from the server) and then disconnected. Better yet, when I try to reconnect, I can't.

    Turns out that something in that stream of binary data between the WoW server and the WoW client looked to Norton suspiciously like some old SQL Server exploit. Never mind that it wasn't even talking to the right program, on the right port, or in the right direction. So it helpfully took me offline, for my own good.

    Now as I've said, I have no clue exactly _what_ sequence of bytes triggered it there. Presumably something more SQL-like than this one. But I wouldn't be surprised if someone took the time to figure it out and broadcast it in a battleground match.

    --
    A polar bear is a cartesian bear after a coordinate transform.
  18. Re:No surprise here... by caudron · · Score: 3, Funny

    US companies suck at malware detection. I've found the eastern European companies to be among the best.

    Sure, the author is always gonna best know how to uninstall his app.

    --
    -Tom
  19. Re:Channel name by kars · · Score: 2, Funny

    Or setting your nick to startkeylogger..

    --
    Take life easy: one bit at a time.