Tough weekend for AV giants as FPs and DNS issues hit

Posted by   Virus Bulletin on   Sep 10, 2008

Trend false alert cripples users' systems, Sophos sites taken out by DNS mixup.

Two of the larger security firms, Trend Micro and Sophos, had a busy weekend cleaning up after troubles hit them on Friday. Trend Micro released a pair of signature updates which led to its products erroneously identifying several Windows system files as malware, resulting in some systems becoming unusable. Meanwhile, some Sophos customers were left unable to access updates thanks to DNS problems which impacted access to the firm's websites for up to 48 hours.

The Trend false positive resulted from a pair of faulty definitions, and hit XP and Vista users around the world. An update to fix the problem was released promptly on Friday, but not in time for some, who found their systems frozen as access to the required DLL and Javascript files was denied by the security software.

Although the exact number of customers affected remains unclear, one correspondent told ComputerWorld the Trend support lines were overflowing with demands for assistance. The incident is not thought to be as major as one suffered by Trend three years ago, which severely affected many users in Trend's home market of Japan and led to public apologies from the Trend board. More details and comment on the recent problems are in ComputerWorld here or The Register here, with an official support article at Trend here.

Sophos users found access to some of the company's websites, including those used to provide security updates, interrupted after what was apparently an error made by an external DNS management company. The slip meant that the domain was unreachable for a time, although local versions of the site were unaffected. Even once the problem had been spotted and fixed, users in some areas continued to have problems into the weekend as the changes propagated.

Sophos issued statements making it clear that the problems were not the results of any malicious activity, and reassuring customers that updates would be caught up with as soon as the DNS changes settled in. The advisory is on the Sophos site here.

Posted on 10 September 2008 by Virus Bulletin



Latest posts:

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

VB2021 localhost videos available on YouTube

VB has made all VB2021 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.