Script kiddies have latched onto a minor glitch in Symantec security software to boot users off Internet Relay Chat (IRC) channels. Typing “startkeylogger” or “stopkeylogger” in an IRC channel results in the involuntary logoff of users of Norton Firewall and Norton Internet Security suites, The Washington Post reports.

The commands mimic those used by the infamous Spybot worm, a botnet client with multiple variants, some of which spread over IRC and peer-to-peer file-swapping networks, that installs a backdoor onto compromised systems. Symantec’s software doesn’t recognise the context of the commands and therefore takes fright, exiting IRC channels with the response “Read error: Connection reset by peer” whenever the dreaded Spybot-style phrases are uttered. A number of IRC channels have reportedly started filtering out the phrase.

Symantec said it would fix the bug, which is best described as a “minor quirk”. IRC channels are full of pranksters and mischief makers who’ve undoubtedly had some fun with the Symantec glitch, even though it’s unlikely to have affected more than a handful of people. ®

Related stories

• Flaw exposed in HSBC's online banking (10 August 2006)
• Warning over rogue anti-spyware app (7 April 2006)
• MS anti-spyware labels Symantec as Trojan (14 February 2006)
• Symantec reels in Relicore for data centre push (8 February 2006)
• Symantec shares slip on poor results (1 February 2006)
• Security vendors open another front against spyware (30 January 2006)
• Symantec fixes 'rootkit' bug in Systemworks (12 January 2006)
• Critical Symantec bug hits 40 products (22 December 2005)
• Password-stealing keyloggers skyrocket (18 November 2005)
• ID theft automated using keylogger Trojan (9 August 2005)
• Police cuff US student keystroke logger (2 February 2005)