Original URL: http://www.theregister.co.uk/2007/09/25/symantec_internet_meltdown_false_alarm/

Symantec accidentally warns of internet meltdown

Dr Strangelove, I presume

By John Leyden

Posted in Security, 25th September 2007 13:10 GMT

Symantec inadvertently warned enterprise customers of a full-scale internet meltdown on Friday.

An erroneous alert from Symantec's DeepSight falsely warned that a devastating attack was underway. The message, which went out at 8:40pm Eastern time, contained a subject line that stated: "DeepSight Increased ThreatCon from 1 to 4 Alert."

The ThreatCon scale - whose moniker mimics the defense readiness condition (DEFCON) system used by the military - runs from one (all calm on the Western Front) to four (meltdown).

The mark is decided by Symantec based on the patterns of attacks it monitors. Symantec has never issued a genuine ThreatCon 4 alert and has only rarely ramped up the scale to ThreatCon 3. The last time Symantec issued a ThreatCon 3 alert was in May 2004, during the height of the Sasser worm epidemic.

Symantec recalled the long range bombers moved back down to ThreatCon 1 and hour after issuing its Chicken Little-style alert on Friday. The security giant blamed the erroneous alert on "product testing", Computerworld reports.

Symantec's European centre of operations, one of four tracking stations it runs across the world, is housed in a former nuclear shelter in rural Hampshire. Perhaps all that time underground monitoring threats affected one of Symantec's security watchers.

Perhaps some stir-crazy watcher, worried about hackers polluting our precious internet traffic, had a Brigadier General Jack D Ripper-style moment and ratcheted up the threat scale. ®