Original URL: https://www.theregister.com/2006/03/03/symantec_security_glitch/

'Keylogger text' spooks Symantec

Boo to a (Norton) ghost

By John Leyden

Posted in Channel, 3rd March 2006 13:50 GMT

Script kiddies have latched onto a minor glitch in Symantec security software to boot users off Internet Relay Chat (IRC) channels. Typing “startkeylogger” or “stopkeylogger” in an IRC channel results in the involuntary logoff of users of Norton Firewall and Norton Internet Security suites, The Washington Post reports.

The commands mimic those used by the infamous Spybot worm, a botnet client with multiple variants, some of which spread over IRC and peer-to-peer file-swapping networks, that installs a backdoor onto compromised systems. Symantec’s software doesn’t recognise the context of the commands and therefore takes fright, exiting IRC channels with the response “Read error: Connection reset by peer” whenever the dreaded Spybot-style phrases are uttered. A number of IRC channels have reportedly started filtering out the phrase.

Symantec said it would fix the bug, which is best described as a “minor quirk”. IRC channels are full of pranksters and mischief makers who’ve undoubtedly had some fun with the Symantec glitch, even though it’s unlikely to have affected more than a handful of people. ®