Feeds

Symantec PR bunnies score Slammer own goal

Silence is Not Golden

  • alert
  • submit to reddit

Protecting against web application threats using SSL

Symantec says it discovered the prolific Slammer worm "hours before it began rapidly propagating".

The claim, contained in a press release extolling the company's DeepSight Threat Management System, suggests that Symantec notified its own customers of a serious threat hours before the wider Internet community knew anything was amiss.

Wired takes Symantec to task for this apparent lapse in ethics. Symantec spokesman Yunsun Wee told Wired that it issued an alert about Slammer to its early warning list subscribers "at approximately 9pm PST on Friday, January 24."

News of the worm began to filter onto security mailing lists at 10pm PST, the magazine reports.

Well-established practices among AV vendors call for virus samples to be rapidly exchanged between rival vendors, so that users can be protected as soon as possible.

But did Symantec really sit on the problem? The company's claims are inconsistent: a Silicon Defence analysis shows that Slammer infected more than 90 per cent of vulnerable hosts within 10 minutes. This analysis is supported by first-person accounts of telecom security experts contacted by us, as well as security consultant Robert Graham's excellent review of the spread of the worm.

So we think this is more a case of Symantec shooting itself in the foot with inflated marketing claims for its early warning service rather than anything more sinister. If it knew about Slammer before everyone else (which is questionable) then we doubt it knew it was anything like as vicious as it turned out to be.

At least we hope so, but without been able to discuss the sequence of events or Symantec's wider alerting policy with anyone from the company its hard to know for sure.

Despite numerous calls to Symantec today the best its UK staffers could do was to point us towards its press release.

Pathetic.

Promises that its US team would be in touch came to nothing, but once they get in touch we'll be sure to update this story with what the company has to say. ®

External Link

CERT advisory on SQL Server (Slammer) worm

Related Stories

Security experts duped by Slammer 'jihad' rot
Slammer: Why security benefits from proof of concept code
Korean Net users blame MS for Slammer carnage
ATMs, ISPs hit by Slammer worm spread
MS struggles to contain the Slammer worm
SQL worm slams the Net
'Secure by design', claims MS op-ed ad
Out of the Slammer

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.