Slashdot Mirror


Symantec Users, Start Your Keyloggers

An anonymous reader writes "Script kiddies have been taking advantage of intrusion prevention features of Symantec's Norton Firewall and Norton Internet Security Suites to knock users offline in IRC channels, according to an amusing post at Washingtonpost.com. From the article: 'Turns out that if someone types "startkeylogger" or "stopkeylogger" in an IRC channel, anyone on the channel using the affected Norton products will be immediately kicked off without warning. These are commands typically issued by the Spybot worm, which spreads over IRC and peer-to-peer file-swapping networks, installing a program that records and transmits everything the victim types (known as a keylogger).' Makes you wonder what other magic keywords produce unexpected results with Symantec's software."

7 of 313 comments

  1. One thing for sure. by techno-vampire · · Score: 4, Insightful

    This is a very elegant trick; using the victim's anti-virus software as the tool to kick them off the net. Not only that, but you can do this to any number of people who happen to be on that channel and use the affected product. Now, if we could only get the skript kiddies to put their minds to something productive...

    --
    Good, inexpensive web hosting
  2. protection? yeah, right by psycho+chic · · Score: 5, Insightful
    and people pay for that crap?

    that's a really scary concept, that the very programs we rely on to protect our computers are so incredibly insecure that a couple keystrokes can completely disable our protection. you would think that if we are expected to pay a company to protect us, that they would do their best. this day and age, that is NOT the best they can do. Not a chance.

    1. Re:protection? yeah, right by Eightyford · · Score: 3, Insightful

      And now Microsoft is selling Antivirus software. Antivirus software to secure their unsecure operating system. I think this type of thing will ultimately force companies to switch back to Unix-like operating systems.

  3. Re:time for a nick change by Deltaanime · · Score: 3, Insightful

    Yep, that works quite nicely.

    I've confirmed on my network that the following will kick some serious ass:

    - simply saying it in a channel
    - adding it to the beginning of a topic (meaning if a user simply does a /list, or /join's, they'll get kicked out)
    - changing your name to it
    - Quit messages

    It may also cause issues in PM's, notices, but have yet to confirm with that.

    We ended up just adding text filters for any spot where the text can occur, something like this (since we're on UnrealIRC):

    /spamfilter add cpnNPqat block - Norton_Exploit (start|stop)keylogger

    Something to that effect.

    It was a real annoyance on our network, ended up kicking some people out over it.

    ~Francisco
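
Added example (not part of the thread and not UnrealIRCd code): a small model of what the spamfilter line in the comment above covers, sorting raw IRC lines into the target types named by the flags `cpnNPqat` and testing the same regex. The flag-to-command mapping follows UnrealIRCd's spamfilter target letters as an assumption to check against your server version; the function names and sample lines are constructed.

```python
import re
# Regex from the spamfilter line in the comment above; case-insensitive
# matching is an assumption about how the server applies it.
PATTERN = re.compile(r"(start|stop)keylogger", re.IGNORECASE)
ENABLED = set("cpnNPqat")  # target flags used in that line

def parse(line):
    """Split a raw IRC line into (prefix, command, params)."""
    prefix, line = None, line.rstrip("\r\n")
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    if sep:
        parts.append(trailing)
    return (prefix, parts[0].upper(), parts[1:]) if parts else (prefix, "", [])

def target(command, params):
    """Return (flag, text) for the field a filter would inspect, else None."""
    if command in ("PRIVMSG", "NOTICE") and len(params) >= 2:
        to_channel = params[0][:1] in ("#", "&")
        flags = "cp" if command == "PRIVMSG" else "Nn"
        return flags[0 if to_channel else 1], params[1]
    if command in ("TOPIC", "PART") and len(params) >= 2:
        return ("t" if command == "TOPIC" else "P"), params[1]
    if command in ("QUIT", "AWAY", "NICK") and params:
        # 'u' is not in ENABLED; matching only the nick is a simplification.
        return {"QUIT": "q", "AWAY": "a", "NICK": "u"}[command], params[0]
    return None

def verdict(line):
    """'block' if an enabled target matches, 'miss:<flag>' if a disabled one does."""
    _, command, params = parse(line)
    hit = target(command, params)
    if hit is None or not PATTERN.search(hit[1]):
        return "pass"
    return "block" if hit[0] in ENABLED else "miss:" + hit[0]

SAMPLES = [  # constructed lines, one per field the comment lists
    ":a!u@h PRIVMSG #chat :startkeylogger",
    ":a!u@h PRIVMSG bob :please STOPkeylogger now",
    ":a!u@h TOPIC #chat :startkeylogger welcome",
    ":a!u@h QUIT :stopkeylogger",
    ":a!u@h NICK :startkeylogger",
    ":a!u@h PRIVMSG #chat :what is a key logger?",
]

if __name__ == "__main__":
    print([verdict(s) for s in SAMPLES])
```

In this model the nick-change case comes back as `miss:u`, because the user target is not among the flags in the line as posted.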

  4. Re:Impressive by DeadChobi · · Score: 3, Insightful

    I hang out with friends from high school on IRC. MSN and AIM suck for that, because you have to initiate contact. On IRC, all you do is type something, and all your friends see it. If they want to respond, they can. With modern IM's, when you initiate contact it's at the other person's inconvenience. You can leave a copy of XiRCON or mIRC minimized and idle 24/7. If you want to talk to people, just pop it up and you've got a convenient-for-both-parties instant line of communication. This is in contrast to instant messengers, which steal focus and make annoying sounds.

    --
    SRSLY.
  5. Re:MMORPG affected? by QuantumG · · Score: 3, Insightful

    on machine one:

    nc -l -p 6667

    on machine with NPF or NIS on it:

    telnet machineone 6667

    on machine one:

    startkeylogger

    machine two will now disconnect you from machine one and Norton will block you from connecting to machine one again. You have to go into the AutoBlock tab of the Symantec Client Firewall and remove the ip from the list.

    --
    How we know is more important than what we know.
  6. Workaround for that dumb +++ problem by Myria · · Score: 4, Insightful

    There actually was a simple workaround for that problem that almost all modems support. The standard command ATS2= sets which ASCII value is your modem escape code: the default value 33 is +.

    However, the value 255 was special: if you do ATS2=255, the +++ escape feature is disabled entirely. In this mode, you hang up by dropping the "terminal ready" bit on the serial port - something that can't be faked like +++. This has the disadvantage that you can't switch to command mode without hanging up, but that feature was rarely used (especially because data sent by the other side while in command mode gets dropped).

    This feature was frequently used by BBSs to stop this kind of thing from happening (i.e., people doing +++ATH ATDT911).

    Meow,

    Melissa

    --
    "Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager